oss-sec mailing list archives
Re: request CVE id: insecure handling of DISPLAY in rxvt
From: Steve Kemp <steve () steve org uk>
Date: Wed, 5 Mar 2008 09:24:32 +0000
On Wed Mar 05, 2008 at 10:19:09 +0100, Tomas Hoger wrote:
> Yes, many assumptions and ifs, but still silently assuming DISPLAY=:0 when no DISPLAY is set does not sound like a safe default.

Agreed.

> But then I also don't understand what you mean by "setup a fake X server waiting for someone logging in..."

This should be a matter of running 'startx' appropriately. I was under the misapprehension that only root could start up X, but that seems not to be the case. Providing the host wasn't already running X then it might be possible for local users to launch a copy they control.

> Could you describe the attack scenario in a bit more detail?

I'd look forward to that too.

Steve
--
# The Debian Security Audit Project.
http://www.debian.org/security/audit
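Added example, not part of the message above and not rxvt's own source: a C sketch of the default under discussion next to a variant that refuses to guess a display. The function names `display_with_fallback` and `display_or_refuse` are hypothetical, and an empty DISPLAY is treated as unset by assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern discussed in the thread: when neither an explicit option nor
 * DISPLAY names a display, silently assume ":0". The terminal then
 * connects to whichever X server answers on :0, which may not belong
 * to the user who started it. */
const char *display_with_fallback(const char *opt, const char *env)
{
    if (opt != NULL && *opt != '\0')
        return opt;
    if (env != NULL && *env != '\0')
        return env;
    return ":0";                 /* silent default */
}

/* Hardened variant: only use a display the user actually named.
 * Returns NULL when none was given so the caller can fail closed. */
const char *display_or_refuse(const char *opt, const char *env)
{
    if (opt != NULL && *opt != '\0')
        return opt;              /* explicit option wins */
    if (env != NULL && *env != '\0')
        return env;              /* then the environment */
    return NULL;                 /* no guess */
}

int main(void)
{
    /* No explicit option in this demo; consult the environment only. */
    const char *name = display_or_refuse(NULL, getenv("DISPLAY"));

    if (name == NULL) {
        fputs("no display specified: set DISPLAY or name one explicitly\n",
              stderr);
        return EXIT_FAILURE;
    }
    printf("would connect to %s\n", name);
    return EXIT_SUCCESS;
}
```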