[Screen][] is a [ncurses][]-based terminal multiplexer. There are tons of useful things you can do with it, and innumerable blog posts describing them. I have two common use cases:

* On my local host when I don't start X Windows, I log in to a virtual terminal and run `screen`. Then I can easily open several windows (e.g. for [[Emacs]], [[Mutt]], [[irssi]], …) without having to log in on another virtual terminal.
* On remote hosts when I'm doing anything serious, I start `screen` immediately after [[SSH]]-ing into the remote host. Then if my connection is dropped (or I need to disconnect while I take the train in to work), my remote work is waiting for me to pick up where I left off.

Treehouse X
===========

Those are useful things, but they are well covered by others. A few days ago I thought of a cute trick for increasing security on my local host, which led me to finally write up a `screen` post. I call it “treehouse X”.

Here's the problem:

You don't like waiting for X to start up when a virtual terminal is sufficient for your task at hand, so you've set your box up without a graphical login manager. However, sometimes you *do* need a graphical interface (e.g. to use fancy characters via [[Xmodmap]] or the [[Compose_key]]), so you fire up X with `startx`, and get on with your life. But wait! You have to leave the terminal to do something else (e.g. teach a class, eat dinner, sleep?). Being a security-conscious bloke, you lock your screen with [xlockmore][] (using your [[Fluxbox]] [hotkeys][]). You leave to complete your task. While you're gone Mallory sneaks into your lab. You've locked your X server, so you think you're safe, but Mallory jumps to the virtual terminal from which you started X (using `Ctrl-Alt-F1`, or similar), and kills your `startx` process with `Ctrl-c`. Now Mallory can do evil things in your name, like adding `export EDITOR=vim` to your `.bashrc`.

So how do you protect yourself against this attack?

Enter `screen` and treehouse X.
If you run `startx` from within a `screen` session, you can jump back to the virtual terminal yourself, detach from the session, and log out of the virtual terminal. This is equivalent to climbing into your treehouse (X) and pulling up your rope ladder (`startx`) behind you, so that you are no longer vulnerable from the ground (the virtual terminal).

For kicks, you can reattach to the screen session from an `xterm`, which leads to a fun chicken-and-egg picture:

[[!img treehouse-X.png alt="startx → X → Xterm → Screen → startx cycle" caption="startx → X → Xterm → Screen → startx cycle"]]

Of course the whole situation makes sense when you realize that it's really:

    $ pstree 14542
    screen───bash───startx───xinit─┬─X
                                   └─fluxbox───xterm───bash───screen

where the first `screen` is the server and the second `screen` is the client.

[screen]: http://www.gnu.org/software/screen/
[ncurses]: http://www.gnu.org/software/ncurses/
[xlockmore]: http://www.tux.org/~bagleyd/xlockmore.html
[hotkeys]: http://git.tremily.us/?p=dotfiles-public.git;a=blob;f=src/.fluxbox/keys;hb=HEAD

[[!tag tags/tools]]
[[!tag tags/linux]]
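
A check for the treehouse setup described above, as an added example that is not part of the original post: it reads `ps -eo pid,ppid,tty,comm` rows and reports whether `startx` sits under a `screen` server with nothing but a login prompt left on the virtual terminals. The function name, the verdict strings, the allowlist of process names permitted on a VT, and the sample process table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Verdict strings and the VT allowlist are assumptions.
# Input: "PID PPID TTY COMMAND" rows, as from `ps -eo pid,ppid,tty,comm`.
treehouse_check() {
    awk '
    $1 == "PID" || NF < 4 { next }            # skip header and blank rows
    { ppid[$1] = $2; tty[$1] = $3; comm[$1] = $4 }
    END {
        for (p in comm) if (comm[p] == "startx") sx = p
        if (sx == "") { print "no-startx"; exit }
        # 1. startx must not have a virtual terminal as controlling tty.
        if (tty[sx] ~ /^tty[0-9]+$/) { print "exposed-startx-on-vt"; exit }
        # 2. An ancestor of startx must be the screen server.
        for (p = ppid[sx]; p in comm; p = ppid[p])
            if (tolower(comm[p]) == "screen") under = 1
        if (!under) { print "exposed-no-screen"; exit }
        # 3. Only login prompts and the X server may remain on a VT.
        for (p in comm)
            if (tty[p] ~ /^tty[0-9]+$/ &&
                comm[p] !~ /^(agetty|getty|login|X|Xorg)$/) {
                print "exposed-session-on-vt"; exit
            }
        print "treehouse"
    }'
}

# Constructed process table: detached screen server, VT back at a getty.
SAMPLE='PID PPID TTY COMMAND
1 0 ? init
700 1 tty1 agetty
14542 1 ? screen
14543 14542 pts/0 bash
14600 14543 pts/0 startx
14601 14600 pts/0 xinit
14602 14601 tty7 X
14603 14601 pts/0 fluxbox'

printf '%s\n' "$SAMPLE" | treehouse_check     # prints: treehouse
```

On a live host, pipe `ps -eo pid,ppid,tty,comm` into `treehouse_check` before walking away; the `exposed-session-on-vt` verdict covers the case where `startx` runs inside `screen` but the client is still attached on the virtual terminal.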