Ask Your Question
1

Desktop user security

asked 2015-03-19 20:25:34 -0600

Mohan G gravatar image

updated 2015-04-08 22:41:52 -0600

I am using F21 workstation but I think this is not a fedora specific issue. I recently realized that any user remotely logged-in to a linux machine, can capture/view the desktop of the any other user who is using the GUI.

This is a serious security flaw. How can a user protect against such scenario.

Update 1: Remote user is logged-in as non-sudo user via SSH. I tested it using ffmpeg's x11grab.

Update 2: This happens on F21 LXDE desktop environment. This OS was installed using Fedora-Live-LXDE-x86_64-20-1.iso and then upgraded to F21 using fedup.

Update 3: I have filed a bugreport for this.

edit retag flag offensive close merge delete

Comments

what do you mean with remotely logged-in? SSH? as root?

florian gravatar imageflorian ( 2015-03-19 20:36:31 -0600 )edit

a user logged-in as non-sudo user via SSH

Mohan G gravatar imageMohan G ( 2015-03-19 20:55:10 -0600 )edit

I am sure you want to share more details...

florian gravatar imageflorian ( 2015-03-19 21:21:45 -0600 )edit

I tested it using ffmpeg's x11grab.

Mohan G gravatar imageMohan G ( 2015-03-19 21:30:44 -0600 )edit

Manage to record x display using ffmpeg's x11grab as root, but not as different user from the one that is running the X display, any more information you can provide

aeperezt gravatar imageaeperezt ( 2015-03-19 22:29:46 -0600 )edit
see more comments

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-04-08 19:26:57 -0600

Zan Lynx gravatar image

Can't say for sure but I suspect that the user has followed some bad advice and is running xhost +. If you do that, it turns off all access control for the X session and allows absolutely anyone to connect to it.

Or, just guessing since you didn't give a lot of detail, the user's $HOME/.Xauthority file is world-readable. Or the user intentionally used the xauth program to grant access to the SSH user. Or the X server is somehow getting started with the -ac option. Doubtful. I don't even know how you convince gdm to change X's launch options.

Here is a related link http://unix.stackexchange.com/questio...

edit flag offensive delete link more

Comments

This is a fresh install using Fedora-Live-LXDE-x86_64-20-1.iso. I have not changed any configuration.

Mohan G gravatar imageMohan G ( 2015-04-08 22:38:25 -0600 )edit
add a comment

Question Tools

3 followers

subscribe to rss feed

Stats

Asked: 2015-03-19 20:25:34 -0600

Seen: 458 times

Last updated: Apr 08 '15

Related questions

How to change wallpaper in KDE4?

Connecting laptop to screen or beamer resulting multiple desktops?

Can't see my desktop bar

Why is my touch screen being loaded as a joystick?

Resolution stuck at 640x480 after failed nvidia driver install

how to: distrust quovadis (and maybe digicert) system-wide

F22 - LiveCD freezes after splash screen

fedora19, kernel 3.11 screen not backlit

I lost my desktop (new to fedora)

What is the proper way to configure PAM?

Ask Fedora is community maintained and Red Hat or Fedora Project is not responsible for content. Content on this site is licensed under a CC-BY-SA 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2