|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: anthony gruppuso (agruppus
jcals.army.mil)Date: Fri Mar 22 2002 - 16:19:11 CST
I understand that, we use a very strict host access control list here on
all Xserver based devices/products; I just thought it was interesting
that xkill behaved in that manner. Initally I was under the impression
that it would function like a graphical kill, but apparently that is not
the case.
Anthony (Joe) Gruppuso
-----Original Message-----
From: Valdis.Kletnieksvt.edu [mailto:Valdis.Kletnieksvt.edu]
Sent: Friday, March 22, 2002 5:09 PM
To: Anthony Gruppuso
Cc: Bugtraqsecurityfocus.com; vuln-devsecurityfocus.com
Subject: Re: Problem with xkill
On Fri, 22 Mar 2002 14:54:03 EST, Anthony Gruppuso said:
> I don't know what possesed me to try this, but under Digital UNIX 5.0,
> as a normal user, I was able to set my DISPLAY to the IP address of
> another user who was running a seperate session, and run xkill.
xkill (like any other X client) uses the standard X access control
scheme.
Most likely, the other user had done an 'xhost +' or 'xhost +yourhost'.
That's why xauth and friends exist, to stop games like this...
-- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]