Re: Is _your_ Netscape under remote control

impvillage.org

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Peter Skopp: "Re: denial of service - inetd on solaris 2.4?"
• Previous message: Jules van Weerden: "Re: SU ..."
• Maybe in reply to: martinhmailhost.emap.co.uk: "Is _your_ Netscape under remote control"
• Next in thread: der Mouse: "Re: Is _your_ Netscape under remote control"

: Still, there is a significant gap between sniffing/denial of service and
: executing shell commands.  From what I've seen, security-conscious X
: clients (such as xterm) have traditionally made sure they ignored
: syntetic keyboard events, and didn't provide any kind of shell-capable
: remote X interface.

Well, that's true iff the events are marked as synthetic.  I have seen
X servers that neglect to mark events as synthetic if you do an
XSendEvent w/o setting the synthetic field to be true.  I once saw a
semonstration of the so-called secure xterm mechanisms where the
terminal was remotely controlled (yes, the secure bits were set, and
we double checked the same program on a different X server and it
worked like the authors had intended).  This was in the R2 server time
frame, so maybe things have changed somewhat since then.

Warner

• Next message: Peter Skopp: "Re: denial of service - inetd on solaris 2.4?"
• Previous message: Jules van Weerden: "Re: SU ..."
• Maybe in reply to: martinhmailhost.emap.co.uk: "Is _your_ Netscape under remote control"
• Next in thread: der Mouse: "Re: Is _your_ Netscape under remote control"