Date: Sun, 13 Sep 1998 11:32:39 +0200 From: Stefan Eggers <seggers@semyam.dinoco.de> To: andrew@squiz.co.nz Cc: Jay Tribick <netadmin@fastnet.co.uk>, freebsd-security@FreeBSD.ORG, seggers@semyam.dinoco.de Subject: Re: Err.. cat exploit.. (!) Message-ID: <199809130932.LAA02989@semyam.dinoco.de> In-Reply-To: Your message of "Fri, 11 Sep 1998 07:39:59 %2B1200." <Pine.BSF.3.96.980911052523.4130A-100000@aniwa.sky>
next in thread | previous in thread | raw e-mail | index | archive | help
> about xterm escape sequences and so forth, but scanning through the > man page for xterm, the 'string' action stands out as potentially highly > dangerous unless care has been taken to limit it's impact. As I understand it these actions are meant for use in X resources to bind keys to certain actions. So if one makes sure that the resources are only loaded with user specified ones (as Xsession - which is used by xdm - seems to do if one doesn't have an ~/.xsession) and the X server disallows all accesses to other users only oneself can have set these. Or do I misunderstand something here? Stefan. -- Stefan Eggers Lu4 yao2 zhi1 ma3 li4, Max-Slevogt-Str. 1 ri4 jiu3 jian4 ren2 xin1. 51109 Koeln Federal Republic of Germany To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809130932.LAA02989>