1. Problem
2. Solution
3. References

Problem

After logging into a Linux virtual terminal, running startx to launch your graphical desktop session leaves the virtual terminal open to keyboard input. Anyone can switch back to the virtual terminal where you logged in (using the Control+Alt+Fn keys) and then suspend (with Control+Z), interrupt (with Control+C), or even terminate (with Control+4) your startx process along with the graphical desktop session it powers. Doing so, they gain access to the underlying shell that ran startx and thus assume your identity on your system and then it’s game over, you lose! :-(

Solution

Have startx take over the Linux virtual terminal from which it was launched, thereby protecting the underlying shell from keyboard input, by setting the XDG_VTNR environment variable to the number of that Linux virtual terminal:

env XDG_VTNR=$( tty | tr -dc 0-9 ) startx

Next, instead of manually running the above command every time you log in, you can automate it just on the first Linux virtual terminal (because sometimes you just need direct access to the shell and not the full-blown graphical desktop environment) by adding the following snippet to your ~/.profile shell startup file:

# start X when logging into first virtual terminal
# see /etc/X11/xinit/xserverrc for $XDG_VTNR trick
test -z "$DISPLAY" -a "$(tty)" = /dev/tty1 &&
exec env XDG_VTNR=1 startx > ~/.xsession-errors 2>&1

References

• /etc/X11/xinit/xserverrc taught me about the $XDG_VTNR trick.