From: Ron DuFresne (dufresnewinternet.com)
Date: Mon Mar 25 2002 - 12:51:53 CST


    On Mon, 25 Mar 2002, Joe Gruppuso wrote:

    > This was merely a controlled experiment; I was curious as to what it
    > would do (In other words, I asked for the ability to be able to access
    > the remote display.) This brought forth realization that xkill, in
    > application, behaves nothing like kill. Thank you all for the input, it
    > was most helpful.

    of course, unless you are root on the X-server, or have assumed the
    display, and thus the user identity <as was done here> of another, you
    should not be able to x-kill just any client. so, for at least part of
    this discussion and issue, x-kill is working similarly to kill in this
    regard. This is what others are saying as regards the security measures
    in place, at least at the time of this 'experiment'.

    Thanks,

    Ron DuFresne

    >
    > -----Original Message-----
    > From: Michel Arboi [mailto:arboiyahoo.com]
    > Sent: Saturday, March 23, 2002 10:09 AM
    > To: anthony gruppuso
    > Cc: Bugtraqsecurityfocus.com; vuln-devsecurityfocus.com
    > Subject: RE: Problem with xkill
    >
    >
    > --- anthony gruppuso <agruppusjcals.army.mil> wrote:
    > > I understand that, we use a very strict host access control list here
    > > on all Xserver based devices/products
    >
    > Obviously not, as you could connect to another display.
    >
    > > I just thought it was interesting that xkill behaved in that manner.
    > > Initially I was under the impression that it would function like a
    > > graphical kill, but apparently that is not the case.
    >
    > I'm not sure what you call "graphical kill", but once the connection to
    > the X server is cut, there is nothing that the client can do, apart
    > from saving its data and exiting nicely.
    > Most clients just die on SIGPIPE.
    >

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    "Cutting the space budget really restores my faith in humanity. It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation." -- Johnny Hart
            ***testing, only testing, and damn good at it too!***

    OK, so you're a Ph.D. Just don't touch anything.