From owner-freebsd-security Tue Sep 15 14:33:24 1998
From: Niall Smart
Message-Id: <199809152125.WAA01218@indigo.ie>
Date: Tue, 15 Sep 1998 22:25:03 +0000
In-Reply-To: <199809131615.JAA03746@cwsys.cwsent.com>; Cy Schubert - ITSD Open Systems Group
Reply-To: rotel@indigo.ie
To: Cy Schubert - ITSD Open Systems Group, Karl Denninger
Subject: Re: X Security (was: Re: Err.. cat exploit.. (!))
Cc: Garrett Wollman, Josef Karthauser, Jay Tribick, freebsd-security@FreeBSD.ORG

> > Indiscriminately displaying files without terminal control enforced (ie: by
> > a pager) is EXTREMELY dangerous, especially if you're running with
> > privileges (ie: as root).
>
> That is why doing an xhost + or even an xhost hostname even to hosts
> that you think you trust is so dangerous. It is easy for someone to
> inject some "keystrokes" into an Xterm to get a root shell on a host
> that one is logged into.

Actually, xterm will not accept synthetically generated keystrokes from
XSendEvent by default, but there is nothing stopping someone from capturing
keystrokes and other events. This is a pretty pedantic point; anyone using
xhost to manage X security deserves to get stung.

Niall
--
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies:
echo '#define if(x) if (!(x))' >> /usr/include/stdio.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
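As an added defender-side example (not code from Niall's message or the thread): a POSIX shell audit that parses captured `xhost` and `xrdb -query` output for the two conditions discussed above, display access granted by host (or to everyone with `xhost +`) and xterm's `allowSendEvents` resource set to true, which re-enables the XSendEvent keystrokes xterm rejects by default. The sample outputs are constructed and the function names are my own.

```shell
#!/bin/sh
# Added audit example, not code from the thread. Parses text captured from
# `xhost` and `xrdb -query` (constructed samples below) so it runs offline.

# Constructed `xhost` output after someone ran `xhost +`.
XHOST_OPEN='access control disabled, clients can connect from any host'
# Constructed `xhost` output with access control on but one host granted:
# every user on that host can then connect and read or inject X events.
XHOST_LISTED='access control enabled, only authorized clients can connect
INET:trusted.example.org'
# Constructed `xrdb -query` output that turns xterm's XSendEvent rejection off.
XRDB_BAD='XTerm*allowSendEvents:  true
XTerm*background:       black'
XRDB_OK='XTerm*background:       black'

# check_xhost TEXT: prints findings; returns 1 if host-based access is granted.
check_xhost() {
    rc=0
    if printf '%s\n' "$1" | grep -q '^access control disabled'; then
        echo "RISK: xhost + in effect, any host can reach the display"
        rc=1
    fi
    hosts=$(printf '%s\n' "$1" | grep -cE '^(INET|INET6|LOCAL|SI):' || true)
    if [ "$hosts" -gt 0 ]; then
        echo "RISK: $hosts host entries in xhost list (per-host, not per-user)"
        rc=1
    fi
    return $rc
}

# check_send_events TEXT: returns 1 if an xterm resource re-enables XSendEvent.
check_send_events() {
    if printf '%s\n' "$1" | grep -iqE 'xterm.*allowSendEvents:[[:space:]]*true'; then
        echo "RISK: allowSendEvents is true, xterm will accept synthetic keystrokes"
        return 1
    fi
    return 0
}

# Stand-alone run over the constructed samples.
for sample in "$XHOST_OPEN" "$XHOST_LISTED"; do
    check_xhost "$sample" || true
done
check_send_events "$XRDB_BAD" || true
```

On a live system, feed it `xhost` and `xrdb -query` output directly, e.g. `check_xhost "$(xhost)"`; a clean result is access control enabled with no host entries and no allowSendEvents resource set to true.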