[Xorg] OLS and console rearchitecture: second pass

Jon Smirl jonsmirl at yahoo.com
Thu Jul 29 18:10:24 PDT 2004

Message from  yahoo.com.
Unable to deliver message to the following address(es).

<xorg-xserver at freedesktop.org>: does not like recipient.
Remote host said: 550 <xorg-xserver at freedesktop.org>: Recipient address
rejected: User unknown in 
local recipient table
Giving up on

--- Original message follows.

Return-Path: <jonsmirl at yahoo.com>
Message-ID: <20040730005227.44446.qmail at web14924.mail.yahoo.com>
--- Ely Levy <elylevy at cs.huji.ac.il> wrote:
> Hey,
> I remember a while ago there was a talk about locking one of the
> devices
> so only one user can open it. This to prevent anyone else (even with
> root
> accesss?) from seeing your screen.
> is it still planned? is it solved by some other way?

I don't think there is any way to lock out root. Root can always open
/dev/mem and get to the framebuffer. Even if we lock that down, root
can modprobe in their own device driver.

It should be possible to lock out non-root users.

SE Linux should provide more control over what root can do, but I don't
know enough about it. If you figure out how to lock out root please let
me know.

> Another thing was the discussion about making sure that you are
> entering
> your login to X or console and not to some trojan.
> Does it address this as well?

Alan Cox says this is covered but I'm not clear on how he is going to
achieve it.

Jon Smirl
jonsmirl at yahoo.com

Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!

More information about the xorg mailing list