Vulnerability Development mailing list archives
Re: Possible flaw in XFree?
From: Timothy J.Miller <cerebus () sackheads org>
Date: Sat, 29 Jun 2002 15:27:22 -0500
On Friday, June 28, 2002, at 08:20 PM, Nick Lange wrote:
I would suggest taking this up with the developers of X and Xlock,
I wouldn't. Mr. Zanatta is misunderstanding the purpose of xlock and the design of X11. In this case, the Zap keystroke combination is *not* passed to the application holding focus (xlock) unless it is disabled in the X11 configuration. IOW, X11 gets the event first, and xlock cannot-- in the normal course of Xevent flow-- supersede it.
Secondly, xlock is not intended to prevent the system from being used by another session; it simply locks the given X session.
I would suggest that the flaw here is invoking X from the command shell, not any flaw in X11 or xlock. Instead, the user should be using XDM or any of its clones.
IIRC this (and its consequences) is all detailed in both the X11 docs and xlock docs.
-- Cerebus
Current thread:
- Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Philip Rowlands (Jun 28)
- Re: Possible flaw in XFree? Jedi/Sector One (Jun 28)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- Re: Possible flaw in XFree? Vanja Hrustic (Jun 28)
- Re: Possible flaw in XFree? Valdis . Kletnieks (Jun 28)
- Re: Possible flaw in XFree? Nuno Branco (Jun 28)
- Re: Possible flaw in XFree? Vilmos Soti (Jun 28)
- Message not available
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Nick Lange (Jun 28)
- Re: Possible flaw in XFree? Timothy J . Miller (Jun 29)
- Re: Possible flaw in XFree? strange (Jun 28)
- Re: Possible flaw in XFree? Ross Nelson (Jun 29)
- Re: Possible flaw in XFree? Michael Jennings (Jun 29)
- Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
- Re: Possible flaw in XFree? William N. Zanatta (Jun 28)
- Re: Possible flaw in XFree? Edsel Adap (Jun 29)
- <Possible follow-ups>
- Re: Possible flaw in XFree? Patrick van Zweden (Jun 28)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- FW: Possible flaw in XFree? Andy Wood (Jun 29)
- Re: FW: Possible flaw in XFree? strange (Jun 29)