From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 6ADD4138334 for ; Thu, 11 Jul 2019 16:50:06 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 3C707E0825; Thu, 11 Jul 2019 16:49:59 +0000 (UTC) Received: from very.loosely.org (very.loosely.org [173.255.215.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id D2DA5E079E for ; Thu, 11 Jul 2019 16:49:58 +0000 (UTC) Received: from c-67-174-233-217.hsd1.ca.comcast.net ([67.174.233.217]:37802 helo=foolinux.mooo.com) by ahiker.mooo.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92-111-1a207ebe0) (envelope-from ) id 1hlcGb-0008Kf-4e; Thu, 11 Jul 2019 09:49:57 -0700 Date: Thu, 11 Jul 2019 09:49:47 -0700 From: Ian Zimmerman To: gentoo-user@lists.gentoo.org Subject: [gentoo-user] Re: escape from i3lock Message-ID: <20190711164947.jpotcs36eb2ibkm2@matica.foolinux.mooo.com> References: <20190710170342.se2klmfd52dvq6j6@matica.foolinux.mooo.com> <151b19fd-9f07-c9b7-171a-a3925d14cac4@yahoo.fr> <20190710224832.oel5exzte4bayry2@matica.foolinux.mooo.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20180716 X-Loosely-ASN: 7922 X-Archives-Salt: 8e804943-8730-4e68-9410-fca305243a55 X-Archives-Hash: 0ad70b1a5bf8d79859892c10e8842984 On 2019-07-11 10:43, Adam Carter wrote: > > No, it's my way to run things as root, in general. I distrust su, sudo > > and friends. > > > > su is mature, well understood and the standard way of doing things. If you > had run an extra term in your X session that had been su'd to root, you > wouldn't be exposing a root shell at the console. Perhaps your distrust of > su is making you less secure? You might be thinking in absolutes, eg "su > is insecure" but its better to think along the lines of "is > more or less secure than su?" I have specific reason for the distrust [1]. Your argument regarding _relative_ security is well taken. But I still feel that having the root shell outside of my X session would be more secure, providing I close the switching hole. [1] https://www.openwall.com/lists/owl-users/2004/10/20/6 -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.