From owner-freebsd-security  Tue Oct  3 10:35:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4585537B503; Tue,  3 Oct 2000 10:35:11 -0700 (PDT)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id NAA42007;
	Tue, 3 Oct 2000 13:35:10 -0400 (EDT)
	(envelope-from wollman)
Date: Tue, 3 Oct 2000 13:35:10 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200010031735.NAA42007@khavrinen.lcs.mit.edu>
To: Robert Watson <rwatson@FreeBSD.ORG>
Cc: security@FreeBSD.ORG
Subject: Re: Multiple userids, one user
In-Reply-To: <Pine.NEB.3.96L.1001001095522.53359A-100000@fledge.watson.org>
References: <200010010526.BAA12242@khavrinen.lcs.mit.edu>
	<Pine.NEB.3.96L.1001001095522.53359A-100000@fledge.watson.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Sun, 1 Oct 2000 10:01:51 -0400 (EDT), Robert Watson <rwatson@FreeBSD.ORG> said:

> providing the application with unfettered access to your X display does a

I don't.  The insecure applications run under a completely separate X
server.  Barring any gaping security holes in the X server, there is
no way for these applications (netscape specifically) to communicate
with those running in the more-trustworthy domain.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message