Vulnerability Development mailing list archives
Re: FW: Possible flaw in XFree?
From: Michael Jennings <mej () kainx org>
Date: Sat, 29 Jun 2002 18:21:38 -0400
On Saturday, 29 June 2002, at 16:38:03 (-0700), Nick Lange wrote:
Which once again leads us back to a point that perhaps more people would agree with, the option should *not* be enabled by default precisely for the annoyance/information loss factor. First off, any user can kill off any other user's session (provided they have access to the hardware running the session) which can lead to potential data loss for any running applications. This could be done out of malice, etc.
If we're talking about Ctrl-Alt-Backspace killing an X session on XFree86 started by startx or the like, then we're talking about an X session running on the main console of a system. Given that fact, said malicious user could just as easily power off the system. Or unplug it. Or any number of other actions allowed by physical access to a workstation/server. This all gets back to the "security of a system to which an attacker has physical access" thread that has been hashed out many times before. I suggest dropping this silliness and consulting a mailing list archive near you. If a user starts X using startx and fails to employ the "exec" technique mentioned earlier, this user should not walk away from his/her terminal. If this user does so, this user is an idiot. The Zap key sequence is a good feature, and the rest of us should not be made to suffer on account of the idiocy of the few. Michael -- Michael Jennings (a.k.a. KainX) http://www.kainx.org/ <mej () kainx org> n+1, Inc., http://www.nplus1.net/ Author, Eterm (www.eterm.org) ----------------------------------------------------------------------- "I have gotten into the habit of recording important meetings. One never knows when an inconvenient truth will fall between the cracks and vanish." -- Ambassador Londo Mollari, Babylon Five
Current thread:
- Re: Possible flaw in XFree?, (continued)
- Re: Possible flaw in XFree? Ross Nelson (Jun 29)
- Re: Possible flaw in XFree? Michael Jennings (Jun 29)
- Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
- Re: Possible flaw in XFree? Edsel Adap (Jun 29)
- Re: Possible flaw in XFree? mdonnelly (Jun 28)
- Re: FW: Possible flaw in XFree? strange (Jun 29)
- Re: FW: Possible flaw in XFree? Nick Lange (Jun 29)
- Re: FW: Possible flaw in XFree? Michael Jennings (Jun 29)
- Re: FW: Possible flaw in XFree? strange (Jun 29)