1

Desktop user security

asked 2015-03-19 20:25:34 -0600

Mohan G

updated 2015-04-08 22:41:52 -0600

I am using F21 workstation but I think this is not a Fedora-specific issue. I recently realized that any user remotely logged in to a Linux machine can capture/view the desktop of any other user who is using the GUI.

This is a serious security flaw. How can a user protect against such a scenario?

Update 1: The remote user is logged in as a non-sudo user via SSH. I tested it using ffmpeg's x11grab.

Update 2: This happens on the F21 LXDE desktop environment. This OS was installed using Fedora-Live-LXDE-x86_64-20-1.iso and then upgraded to F21 using fedup.

Update 3: I have filed a bug report for this.


Comments

What do you mean by remotely logged in? SSH? As root?

florian ( 2015-03-19 20:36:31 -0600 )

A user logged in as a non-sudo user via SSH.

Mohan G ( 2015-03-19 20:55:10 -0600 )

I am sure you want to share more details...

florian ( 2015-03-19 21:21:45 -0600 )

I tested it using ffmpeg's x11grab.

Mohan G ( 2015-03-19 21:30:44 -0600 )

Managed to record the X display using ffmpeg's x11grab as root, but not as a different user from the one that is running the X display. Is there any more information you can provide?

aeperezt ( 2015-03-19 22:29:46 -0600 )

1 Answer

0

answered 2015-04-08 19:26:57 -0600

Zan Lynx

Can't say for sure but I suspect that the user has followed some bad advice and is running xhost +. If you do that, it turns off all access control for the X session and allows absolutely anyone to connect to it.

Or, just guessing since you didn't give a lot of detail, the user's $HOME/.Xauthority file is world-readable. Or the user intentionally used the xauth program to grant access to the SSH user. Or the X server is somehow getting started with the -ac option. Doubtful. I don't even know how you convince gdm to change X's launch options.

Here is a related link http://unix.stackexchange.com/questio...


Comments

This is a fresh install using Fedora-Live-LXDE-x86_64-20-1.iso. I have not changed any configuration.

Mohan G ( 2015-04-08 22:38:25 -0600 )
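The three causes suggested in the answer above (xhost +, an exposed .Xauthority file, an X server started with -ac) can be checked from the desktop user's own session. The script below is an added example, not part of the original thread; the function names are hypothetical, and it assumes the X server process is named X or Xorg.

```shell
# Added example: audit an X session for the causes named in the answer.
# Function names are hypothetical helpers, not part of any tool.

# Cause 1: `xhost +`. Argument is the text printed by `xhost`.
xhost_is_open() {
    case "$1" in
        *"access control disabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Cause 2: cookie file accessible to group or other.
xauthority_is_exposed() {
    [ -e "$1" ] || return 1
    mode=$(ls -ld -- "$1" | cut -c5-10)   # group+other permission bits
    [ "$mode" != "------" ]
}

# Cause 3: X server started with -ac. Argument is its command line.
xserver_has_ac() {
    case " $1 " in
        *" -ac "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Runs all three checks on the live session; nonzero exit if anything is found.
audit_x_session() {
    findings=0
    if [ -n "${DISPLAY:-}" ] && command -v xhost >/dev/null 2>&1; then
        if xhost_is_open "$(xhost 2>/dev/null)"; then
            echo "FINDING: X access control is disabled; re-enable with: xhost -"
            findings=$((findings + 1))
        fi
    fi
    cookie=${XAUTHORITY:-$HOME/.Xauthority}
    if xauthority_is_exposed "$cookie"; then
        echo "FINDING: $cookie is accessible beyond its owner; fix with: chmod 600 $cookie"
        findings=$((findings + 1))
    fi
    xcmd=$(ps -eo args= 2>/dev/null | grep -E '(^|/)(X|Xorg)( |$)' | head -n 1)
    if xserver_has_ac "$xcmd"; then
        echo "FINDING: X server is running with -ac: $xcmd"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Pass --audit to run the checks as the desktop user inside the X session.
if [ "${1:-}" = "--audit" ]; then audit_x_session; fi
```

No findings from this script means none of the three listed causes applies, which narrows the problem to the display manager or session setup itself.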
