Gentoo Forums
[solved] lightdm created tty session not password protected
Mgiese
Veteran

Joined: 23 Mar 2005
Posts: 1609
Location: indiana

Posted: Mon Sep 26, 2022 11:12 am    Post subject: [solved] lightdm created tty session not password protected

hi guys,

as the title suggests, i am using lightdm

when logging in with one user then "switching" (function of xfce4) to another user, i get 2 active sessions:

tty6 user1
tty7 user2

the problem is that i can switch both ttys without entering passwords for the respective user

this is desktop-environment independent, happens from xfce4 to another DE, and vice versa

i don't know if this is a lightdm bug, or a misconfiguration on my side or even a gentoo related bug

any help is very much appreciated
_________________
I do not have a Superman complex, for I am God not Superman :D

Ryzen9 7950x ; Geforce1650 ; kernel 6.5 ; XFCE


Last edited by Mgiese on Tue Sep 27, 2022 10:18 am; edited 1 time in total
Hu
Moderator

Joined: 06 Mar 2007
Posts: 21633

Posted: Mon Sep 26, 2022 2:49 pm

Switching terminals is not password-protected. If you require security, then the protected user needs to use a screen-locking utility, so that when you arrive at that user's terminal, the only things you can do are give the user's password or switch to a different terminal. If you don't use a screen-locker, then you have the related problem that a user who walks away leaves their session unprotected and available to whoever walks up to the computer next.
Mgiese

Posted: Tue Sep 27, 2022 10:12 am

i am not sure you get the extent of this.

i am logged in as a user. then i use the xfce button "log out". there i have several options, one of them is "switch user". as i do this, the screen should now automatically be locked. but it is not... and i'd say this is a security flaw. OK, i will give your suggestion a try and look for a screen-locker for xfce.

cheers
Mgiese

Posted: Tue Sep 27, 2022 10:18 am

ok, solved, i just enabled in the xfce4 screensaver section "Lock Screen"

thanks
Hu

Posted: Tue Sep 27, 2022 11:31 am

If the button labeled "Log out" does not in fact log out the user, I would say that is a bug. It should not be labeled "Log out" if that is not what it does.

A desktop-assisted user switch ought to be able to automatically lock the source terminal, though in some environments the administrator may not want the burden that brings. My point was that if you use the Xorg tty-switch hotkey, which is available independent of your desktop, you can go to any tty, and if the destination tty is unlocked, then yes, you have an access control problem. That is not a problem with the tty-switch functionality; it is a problem with the individual users' environments not enforcing access control.
Mgiese

Posted: Sun Oct 09, 2022 12:02 am

Hu wrote:
If the button labeled "Log out" does not in fact log out the user, I would say that is a bug. It should not be labeled "Log out" if that is not what it does.

A desktop-assisted user switch ought to be able to automatically lock the source terminal, though in some environments the administrator may not want the burden that brings. My point was that if you use the Xorg tty-switch hotkey, which is available independent of your desktop, you can go to any tty, and if the destination tty is unlocked, then yes, you have an access control problem. That is not a problem with the tty-switch functionality; it is a problem with the individual users' environments not enforcing access control.

it happened on "switch" user, not on "log out". thanks
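
The access-control point made in the thread (a session on another tty is only protected if its own screen locker is engaged) can be checked from logind's session properties. The script below is an added example, not part of any poster's message; it assumes logind or elogind is in use and that the screen locker updates the `LockedHint` property, and the sample data is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the screen locker in use
# updates logind's LockedHint; one that does not will always show "no".

# Live input: one KEY=VALUE block per session, blank line after each block.
collect_sessions() {
    for id in $(loginctl list-sessions --no-legend | awk '{print $1}'); do
        loginctl show-session "$id" -p Id -p Name -p Class -p VTNr \
            -p State -p LockedHint
        echo
    done
}

# Constructed sample mirroring the thread: user1 left behind on tty6, user2 in
# the foreground on tty7, a lightdm greeter, and one properly locked session.
sample_sessions() {
    printf 'Id=2\nName=user1\nClass=user\nVTNr=6\nState=online\nLockedHint=no\n\n'
    printf 'Id=5\nName=user2\nClass=user\nVTNr=7\nState=active\nLockedHint=no\n\n'
    printf 'Id=c3\nName=lightdm\nClass=greeter\nVTNr=8\nState=online\nLockedHint=no\n\n'
    printf 'Id=9\nName=user3\nClass=user\nVTNr=9\nState=online\nLockedHint=yes\n\n'
}

# Print every user session that is on a VT, not in the foreground, and not
# locked: these are the ones a plain tty switch lands in without a password.
unlocked_background_sessions() {
    awk -F= '
        function flush() {
            if (p["Class"] == "user" && p["VTNr"] + 0 > 0 &&
                p["State"] == "online" && p["LockedHint"] != "yes")
                printf "%s tty%s session=%s\n", p["Name"], p["VTNr"], p["Id"]
            split("", p)
        }
        NF == 0 { flush(); next }
        { p[$1] = $2 }
        END { flush() }
    '
}

# Offline demo; on a real system use: collect_sessions | unlocked_background_sessions
sample_sessions | unlocked_background_sessions
```

An empty result means every background session on a VT reports itself as locked; any line printed names a session that a tty switch would reach without a password prompt.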
All times are GMT