google / xsecurelock

X11 screen lock utility with security in mind
Apache License 2.0
863 stars 65 forks

Disable TTY switching when locked #149

Open GoldsteinE opened 1 year ago

GoldsteinE commented 1 year ago

If user is logged in on another TTY, it’s possible to switch to it with Ctrl+Alt+F*. physlock, for example, mitigates this by disabling TTY switch when locked.

divVerent commented 1 year ago

This is correct - xsecurelock locks an X session but not the entire computer. This is not a security issue as logging in on another TTY requires a password too, but is indeed noteworthy. To lock the entire computer, something like physlock is needed indeed.

On Sat, Jul 30, 2022, 14:47 Goldstein @.***> wrote:

If user is logged in on another TTY, it’s possible to switch to it with Ctrl+Alt+F*. physlock, for example, mitigates this by disabling TTY switch when locked.


NathanC commented 1 year ago

Is it possible to detect if another TTY has an active login? I know I've forgotten I had a TTY active in the past. It would be cool if there was a red warning or something indicating another login.

Low priority though.

divVerent commented 1 year ago

That is a cool idea. I know a few half-baked ways - gotta see what the best way is nowadays.

And red warnings on the login screen have precedent - e.g. we already have a caps lock warning.

Note that not always is an open TTY a problem - e.g. there are lock utilities for those too (famously "screen" contains one). Gotta see if there is some API that tells me if any such session is actually open and not locked.

On Sun, Nov 6, 2022 at 16:46, Nathan @.***> wrote:

Is it possible to detect if another TTY has an active login? I know I've forgotten I had a TTY active in the past. It would be cool if there was a red warning or something indicating another login.

Low priority though.


NathanC commented 1 year ago

I'd argue the feature should be on by default, but disableable. In practice, the number of people using this lock screen with a TTY also using a lock screen seems like it would be pretty low, and you could probably manually do some logic to check for one or two of the most popular TTY locks. I'd rather have false positives than false negatives though.

btw I just swapped out my desktop screensaver (which was seriously bugged) with this. Thanks for making such a useful tool!

NathanC commented 1 year ago

I doubt there's an API that can consistently tell you if a particular session is locked or not though, just my gut impression. I'd expect different tools use different methods, and you'd have to check for popular ones.

Some resources:

ghost commented 1 year ago

I would like this option too. Maybe something like XSECURELOCK_DISABLE_TTY=1. Maybe one way this can be achieved is by disabling the default TTY keybinds while xscreenlock is running.

divVerent commented 1 year ago

This requires root rights of xsecurelock. Instead I suggest creating a wrapper script that does this and is set up and run via sudo.

On Sun, Dec 4, 2022, 02:00 tuxy @.***> wrote:

I would like this option too. Maybe something like XSECURELOCK_DISABLE_TTY=1. Maybe one way this can be achieved is by disabling the default TTY keybinds while xscreenlock is running.

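The wrapper approach suggested in the last comment, sketched as an added example that is not part of this thread or of xsecurelock: a small root helper that sets the Linux `VT_LOCKSWITCH` flag, runs the locker as the invoking user, and clears the flag afterwards. The function names, the `/usr/bin/xsecurelock` path, the use of `/dev/tty0`, and the reliance on sudo's `SUDO_UID`/`SUDO_GID` (and on sudo passing `DISPLAY`/`XAUTHORITY` through) are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <linux/vt.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set (1) or clear (0) the kernel-wide "no VT switching" flag.
 * Returns 0 on success, -1 when fd is not a virtual console or the
 * caller lacks CAP_SYS_TTY_CONFIG. */
int set_vt_switch_lock(int vt_fd, int locked) {
    return ioctl(vt_fd, locked ? VT_LOCKSWITCH : VT_UNLOCKSWITCH, 1) < 0 ? -1 : 0;
}

/* Run the locker as the given unprivileged user and return its exit
 * status. The child exits 126 instead of ever exec'ing as root. */
int run_locker_as(uid_t uid, gid_t gid, const char *path) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (setgroups(0, NULL) != 0 || setgid(gid) != 0 ||
            setuid(uid) != 0 || getuid() == 0)
            _exit(126);
        execl(path, path, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128;
}

int main(void) {
    /* Assumption: started via sudo, which sets SUDO_UID and SUDO_GID. */
    const char *su = getenv("SUDO_UID"), *sg = getenv("SUDO_GID");
    if (!su || !sg) { fprintf(stderr, "run via sudo\n"); return 2; }
    int fd = open("/dev/tty0", O_RDWR | O_CLOEXEC);
    int locked = fd >= 0 && set_vt_switch_lock(fd, 1) == 0;
    /* Still lock the X session even if VT switching stays enabled. */
    if (!locked) perror("VT_LOCKSWITCH (continuing without it)");
    /* Assumed install path; adjust for your distribution. */
    int rc = run_locker_as((uid_t)atoi(su), (gid_t)atoi(sg), "/usr/bin/xsecurelock");
    if (locked && set_vt_switch_lock(fd, 0) != 0) perror("VT_UNLOCKSWITCH");
    if (fd >= 0) close(fd);
    return rc;
}
```

The flag is global kernel state, so if the helper is killed while the locker is running, VT switching stays disabled until something issues `VT_UNLOCKSWITCH` again.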