Anne Wilson wrote:
> In security terms, is there any difference between ending a session (logout
> of X) and locking a session?
>
> Anne

If I understand what you are asking - yes.
By lock session, you mean "Lock Screen" ??

If you just lock the session - your user is still the console user and
has permission to write to certain device nodes. When you log out, your
user gives up those permissions.
[mpeters at athens ~]$ ls -l /dev/ |grep mpeters |wc -l
29
[mpeters at athens ~]$
That's 29 device nodes that I have permission on because I am the
console user. When I log out, they revert to default (typically root)
ownership.
For example - lock your screen and ssh in from elsewhere - then run the
eject command. The CD tray should shoot out (unless you have a slot
loader ...)
Log out at the console and try it - it will fail:
[mpeters at athens ~]$ ssh jerusalem
mpeters at jerusalem's password:
Last login: Tue Feb 12 01:55:49 2008 from 192.168.15.100
[mpeters at jerusalem ~]$ eject
eject: unable to open `/dev/hdc'
[mpeters at jerusalem ~]$
There also are some userspace daemons that often start up when you are
logged in (i.e. in GNOME) that exit when you actually log out.
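
The device-node count from the message above, turned into a repeatable check; this is an added example, not part of the original post. It matches on the owner field only (grepping `ls -l` also hits group and file names) and compares a snapshot taken while the screen is locked with one taken after logout. The script name `devaudit.sh` and the function names are hypothetical, and it assumes a `find` that supports `-maxdepth`.

```shell
#!/bin/sh
# Added example: audit which entries of a /dev-style directory a user owns,
# and which of them are released between two snapshots (locked vs. logged out).

# Print entries directly under DIR that are owned by USER (name or numeric
# uid), one path per line, sorted so snapshots can be compared with comm.
owned_nodes() {
    dir=$1
    user=$2
    find "$dir" -mindepth 1 -maxdepth 1 -user "$user" 2>/dev/null | LC_ALL=C sort
}

# Number of entries under DIR owned by USER (the "29" in the post).
count_owned_nodes() {
    owned_nodes "$1" "$2" | wc -l | tr -d ' '
}

# Paths listed in snapshot BEFORE but not in AFTER: nodes given up at logout.
released_nodes() {
    LC_ALL=C comm -23 "$1" "$2"
}

# Paths listed in both snapshots: nodes the user still owns after logout.
retained_nodes() {
    LC_ALL=C comm -12 "$1" "$2"
}

# Command-line use (run over ssh, as in the post):
#   sh devaudit.sh snapshot mpeters > locked.txt      # screen locked
#   sh devaudit.sh snapshot mpeters > loggedout.txt   # after console logout
#   sh devaudit.sh released locked.txt loggedout.txt
#   sh devaudit.sh retained locked.txt loggedout.txt
case "${1:-}" in
    snapshot) owned_nodes "${3:-/dev}" "$2" ;;
    released) released_nodes "$2" "$3" ;;
    retained) retained_nodes "$2" "$3" ;;
esac
```

Anything `retained` reports after a console logout is a node that did not revert to its default ownership and is worth a closer look.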