LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

DRI3000

DRI3000

Posted Feb 23, 2013 15:19 UTC (Sat) by khim (subscriber, #9252)
In reply to: DRI3000 by Serge
Parent article: LCA: The X-men speak

Think about it, what do you actually need this feature for?

Heh.

Imagine a public machine that different users can log in to.

I don't need to imagine that. This is exactly where we use Ctrl-Alt-Del on Windows the most.

It does not matter, is it windows, linux, graphical or text terminal.

Yes, it does matter. Very much so.

User just comes, logs in, does the job and logs out, another user comes, etc.

Sorry, but this is where you conveniently change your usecase to make sure you'll win the argument. Why would I log out? In our case it's pretty beefy test Windows system (actually few Windows systems: Windows XP, Windows Vista, Windows 7, Windows 8, etc) which is shared with many other developers. It's pretty beefy system so we don't log out out of it, but use Ctrl-Alt-Del to lock it instead. When machine is locked (and it's usually locked) I can press Ctrl-Alt-Del to guarantee that I'm at the login screen, log into the system as me (all my programs and windows are where I left them), then, when I'm done with testing, lock the screen again. It's safe because all the places where I enter password are under control of the administrator or me, other people's sessions never see my password.

If you're going to log in to a public Windows machine, you first hit Ctrl+Alt+Del, just in case, and then enter login/password. Same when you come to a public Linux machine, whatever you see on a screen, you first hit "Secure Access Key" (if there's something running, it gets killed, getty will respawn), then enter login/password. That's just another (better) solution to the same problem.

Is this a joke? Let's compare.

Windows "awful solution":
1. Press Alt-Ctrl-Del.
2. Pick your session.
3. Enter password and start workding.

Linux's "better" solution:
1. Try to find some free text login screen on some console.
2. Press Alt+SysRq+K to restart everything.
3. Login and use some tools (which ones?) to see if your session is hijaked or not.
4. Do a logout on text console.
5. Switch to a graphical one where your session is still [hopefully] resides and finally
6. Unlock the screen.

Do you really believe this convoluted dance which you need to perform again if you left the system for the 3 minutes to go to WC is somehow better then Windows approach?

You can Ctrl+Alt+F1...F6, SAK, log in as root and "only guaranteed secure set of programs" will work there for you. Windows just don't have such a simple thing. :)

It looks like your information is out of date (as usual for Linux pundit). Windows received this ability in Windows Vista which is six year old by now! Before that it was impossible to combine secure Ctrl-Alt-Del with domains which made this approach not all that practically usable. Microsoft fixed it's usability problem and now it's pleasure to use (and quite safe to boot) while Linux pundits continue to preach that their beloved Linux has perfect solution while in fact it's approach is clearly inferior (it may be theoretically slightly more safe, but in practice it's very easy to use it in unsafe way and quite hard to use it in safe way which means that in practice it's worse).

Both Linux and Windows continue to evolve and while some places where Linux is better still remain Windows is better in many, many aspects. Ctrl-Alt-Del vs Alt+SysRq+K/Ctrl+Alt+Backspace is one of them. Think about it: why Ctrl+Alt+Backspace is disabled on many [most?] Linux distributions? It's for a reason! This approach is dangerous: it's very easy to accidentally lose your data. Windows's approach, on the other hand, is not just safe - it's pleasure to use!

(Log in to post comments)

DRI3000

Posted Feb 23, 2013 22:12 UTC (Sat) by Serge (guest, #84957) [Link]

> I don't need to imagine that. This is exactly where we use Ctrl-Alt-Del on Windows the most.

Good. Many people have a dedicated machine, often more than one, they need neither C-A-Del, nor C-A-BS, nor SAK, they just lock screen and don't worry about such things.

> this is where you conveniently change your usecase to make sure you'll win the argument. Why would I log out?

I explained a more complex case, since I wasn't sure what you actually want. What you have described is a regular switch user (http://i.imgur.com/uhIeO.png) feature that is supported in every distribution around.

To protect from someone creating a screensaver-like tool with fake "Switch User" button, you can configure display manager to autologin on tty1 and run a single program with the large "Switch User" button on it. After that to be safe every time you want to enter the password you press Ctrl+Alt+F1. :)

> Windows received this ability in Windows Vista which is six year old by now!

That's another ability. Under Linux on any virtual console you can run arbitrary "guaranteed secure set of programs", anything you want, not just winlogon dialog.

> Both Linux and Windows continue to evolve and while some places where Linux is better still remain Windows is better in many, many aspects.

Windows is usually better if you got used to it and its bugs. Windows is also often better when it works right out of the box and does exactly what you want. But when you want more, or want to optimize it for your needs, it's easier to configure linux then fight with windows. IMHO, of course.

DRI3000

Posted Feb 23, 2013 23:10 UTC (Sat) by lindi (subscriber, #53135) [Link]

> you can configure display manager to autologin on tty1 and run a single program with the large "Switch User" button on it.

Before we can assess the security of your solution I think you need to first implement it. Before we can assess the usability of your solution I think you need at least a few hundred users. Sorry but the devil is usually in the implementation details :) Also, constantly running a second X server on tty1 wastes memory.

DRI3000

Posted Feb 24, 2013 13:19 UTC (Sun) by khim (subscriber, #9252) [Link]

Also, constantly running a second X server on tty1 wastes memory.

This waste is limited and should be similar to what Windows wastes for it's own login screen. So that's not a problem.

Before we can assess the security of your solution I think you need to first implement it. Before we can assess the usability of your solution I think you need at least a few hundred users.

This is a problem. Serge may argue that his solution is perfect (because it's not implemented and thus you can not argue about it's weaknesses) while I argue that it's extremely bad: solution which exists and is used is always more secure on practice then another solution which does not exist and is only imagined by someone.

DRI3000

Posted Feb 25, 2013 10:46 UTC (Mon) by Serge (guest, #84957) [Link]

> Before we can assess the security of your solution I think you need to first implement it.

It's easy. Create user "switcher", configure your DM to autologin it, and set its session to a shell script like this:

while true; do if zenity --info --text 'Switch Session'; then gdmflexiserver; fi; done

Just tested it with Ubuntu and LightDM.

> Before we can assess the usability of your solution I think you need at least a few hundred users.

How are you going to find them? Most people don't need it. Those few who really need it are skilled enough to write one-line-shell-script themselves. :)

> Also, constantly running a second X server on tty1 wastes memory.

Yeah, about 10-15 MB. If that's too much you can replace `zenity` with console `dialog` and run similar script instead of getty. Unlike Windows there're lots of options. :)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds