Xserver screen locking/virtual console security
I have done some searching around but have not been able to find a satisfactory answer to this question, perhaps due to the fact that I am not sure exactly what terms to use in my searching.
When you have not set up xdm, kdm, gdm, etc - and are just using the plain old text login, then using "startx" to begin your xsession, I seem to have found a security "issue" that I cannot find an answer for...
When using either xlock or kde's screen saver/Lock Desktop feature w/ password protection, if you push a button or move the mouse it will prompt for a password, however using the CTRL-ALT-F1 combination brings me to the tty0 where the X session was started from. I can then use Ctrl-Z to background the startx process and kill off the screensaver process, switch back to virtual console 7 and just like that I've defeated the "Lock Desktop" mechanism. At home this is not a concern, however at work I lock my computer every time I step away even for a moment, yet it seems to be wide open to any knowledgeable person.
If this is a common problem/issue that has already been addressed, please at least point me in the right direction, or at most tell me how to secure against this type of workaround.
Thanks
|