mkogg.py: Fix 'self.get_mp4_metadata(self, source)'

[blog.git] / posts / Screen.mdwn

[Screen][] is a [ncurses][]-based terminal multiplexer.  There are
tons of useful things you can do with it, and innumerable blog posts
describing them.  I have two common use cases:

* On my local host when I don't start X Windows, I login to a
  virtual terminal and run `screen`.  Then I can easily open several
  windows (e.g. for [[Emacs]], [[Mutt]], [[irssi]], …) without having
  to log in on another virtual terminal.
* On remote hosts when I'm doing anything serious, I start `screen`
  immediately aftering [[SSH]]-ing into the remote host.  Then if my
  connection is dropped (or I need to disconnect while I take the
  train in to work), my remote work is waiting for me to pick up where
  I left off.

Treehouse X
===========

Those are useful things, but they are well covered by others.  A few
days ago I though of a cute trick, for increasing security on my local
host, which lead me to finally write up a `screen` post.  I call it
“treehouse X”.  Here's the problem:

You don't like waiting for X to start up when a virtual terminal is
sufficient for your task at hand, so you've set your box up without a
graphical login manager.  However, sometimes you *do* need a graphical
interface (e.g. to use fancy characters via [[Xmodmap]] or the
[[Compose_key]]), so you fire up X with `startx`, and get on with your
life.  But wait!  You have to leave the terminal to do something else
(e.g. teach a class, eat dinner, sleep?).  Being a security-concious
bloke, you lock your screen with [xlockmore][] (using your [[Fluxbox]]
[hotkeys][]).  You leave to complete your task.  While you're gone
Mallory sneaks into your lab.  You've locked your X server, so you
think you're safe, but Mallory jumps to the virtual terminal from
which you started X (using `Ctrl-Alt-F1`, or similar), and kills your
`startx` process with `Ctrl-c`.  Now Mallory can do evil things in
your name, like adding `export EDITOR=vim` to your `.bashrc`.

So how do you protect yourself against this attack?  Enter `screen`
and treehouse X.  If you run `startx` from within a `screen` session,
you can jump back to the virtual terminal yourself, detach from the
sesion, and log out of the virtual terminal.  This is equivalent to
climing into your treehouse (X) and pulling up your rope ladder
(`startx`) behind you, so that you are no longer vulnerable from the
ground (the virtual terminal).  For kicks, you can reattach to the
screen session from an `xterm`, which leads to a fun chicken-and-egg
picture:

[[!img treehouse-X.png
  alt="startx → X → Xterm → Screen → startx cycle"
  caption="startx → X → Xterm → Screen → startx cycle"]]

Of course the whole situation makes sense when you realize that it's
really:

    $ pstree 14542
    screen───bash───startx───xinit─┬─X
                                   └─fluxbox───xterm───bash───screen

where the first `screen` is the server and the second `screen` is the
client.

[screen]: http://www.gnu.org/software/screen/
[ncurses]: http://www.gnu.org/software/ncurses/
[xlockmore]: http://www.tux.org/~bagleyd/xlockmore.html
[hotkeys]:
  http://git.tremily.us/?p=dotfiles-public.git;a=blob;f=src/.fluxbox/keys;hb=HEAD

[[!tag tags/tools]]
[[!tag tags/linux]]