Vulnerability Development mailing list archives
Re: Possible flaw in XFree?
From: Michael Jennings <mej () kainx org>
Date: Sat, 29 Jun 2002 13:08:49 -0400
On Friday, 28 June 2002, at 07:37:04 (-0500), Ross Nelson wrote:
However, the point of xlock is to lock it and prevent things like that.
Uh, no. The point of xlock is to lock the *session*, not the machine.
I see what you're saying, but if they can do that then there's no point in locking.
Sure there is. Users lock sessions to prevent other users from gaining access to their authentication. If I'm logged in via X, and do not lock my session, another user can sit down at my station, start up a new terminal window, and do whatever he likes with all the privileges I have. Locking the session prevents him from doing naughty things as me. It doesn't prevent him from logging in as himself, nor should it.
Also, have you tried opening a second X server on one box at the same time? I haven't tried and was wondering if that'd actually work.
Of course it works. That's what multiple displays are all about. Try "startx -- :1" Michael -- Michael Jennings (a.k.a. KainX) http://www.kainx.org/ <mej () kainx org> n+1, Inc., http://www.nplus1.net/ Author, Eterm (www.eterm.org) ----------------------------------------------------------------------- "The Swiss have an interesting army. Five hundred years without a war. Pretty impressive. Also pretty lucky for them. Ever see that little Swiss Army knife they have to fight with? Not much of a weapon there. Corkscrews. Bottle openers. 'Come on, buddy, let's go. You get past me, the guy in back of me, he's got a spoon. Back off. I've got the toe clippers right here.' " -- Jerry Seinfeld
Current thread:
- Re: Possible flaw in XFree?, (continued)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- Re: Possible flaw in XFree? Vanja Hrustic (Jun 28)
- Re: Possible flaw in XFree? Valdis . Kletnieks (Jun 28)
- Re: Possible flaw in XFree? Nuno Branco (Jun 28)
- Re: Possible flaw in XFree? Vilmos Soti (Jun 28)
- Message not available
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Nick Lange (Jun 28)
- Re: Possible flaw in XFree? Timothy J . Miller (Jun 29)
- Re: Possible flaw in XFree? strange (Jun 28)
- Re: Possible flaw in XFree? Ross Nelson (Jun 29)
- Re: Possible flaw in XFree? Michael Jennings (Jun 29)
- Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Edsel Adap (Jun 29)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- Re: FW: Possible flaw in XFree? strange (Jun 29)
- Re: FW: Possible flaw in XFree? Nick Lange (Jun 29)
- Re: FW: Possible flaw in XFree? Michael Jennings (Jun 29)
- Re: FW: Possible flaw in XFree? strange (Jun 29)