Date: Tue, 15 Sep 1998 22:25:03 +0000 From: Niall Smart <rotel@indigo.ie> To: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>, Karl Denninger <karl@denninger.net> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Josef Karthauser <joe@pavilion.net>, Jay Tribick <netadmin@fastnet.co.uk>, freebsd-security@FreeBSD.ORG Subject: Re: X Security (was: Re: Err.. cat exploit.. (!)) Message-ID: <199809152125.WAA01218@indigo.ie> In-Reply-To: <199809131615.JAA03746@cwsys.cwsent.com>; Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
> > Indiscriminately displaying files without terminal control enforced (ie: by > > a pager) is EXTREMELY dangerous, especially if you're running with > > privileges (ie: as root). > > That is why doing an xhost + or even and xhost hostname even to hosts > that you think you trust is so dangerous. It is easy for someone to > inject some "keystrokes" into an Xterm to get a root shell on a host > that one is logged into. Actually, xterm will not accept synthetically generated keystrokes from XSendEvent by default, but there is nothing stopping someone from capturing keystrokes and other events. This is a pretty pedantic point, anyone using xhost to manage X security deserves to get stung. Niall -- Niall Smart, rotel@indigo.ie. Amaze your friends and annoy your enemies: echo '#define if(x) if (!(x))' >> /usr/include/stdio.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809152125.WAA01218>