Vulnerability Development mailing list archives

RE: Problem with xkill


From: anthony gruppuso <agruppus () jcals army mil>
Date: Fri, 22 Mar 2002 17:19:11 -0500

I understand that, we use a very strict host access control list here on
all Xserver based devices/products; I just thought it was interesting
that xkill behaved in that manner.  Initially I was under the impression
that it would function like a graphical kill, but apparently that is not
the case.

Anthony (Joe) Gruppuso

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Friday, March 22, 2002 5:09 PM
To: Anthony Gruppuso
Cc: Bugtraq () securityfocus com; vuln-dev () securityfocus com
Subject: Re: Problem with xkill 


On Fri, 22 Mar 2002 14:54:03 EST, Anthony Gruppuso said:

I don't know what possessed me to try this, but under Digital UNIX 5.0,
as a normal user, I was able to set my DISPLAY to the IP address of
another user who was running a separate session, and run xkill.

xkill (like any other X client) uses the standard X access control
scheme.

Most likely, the other user had done an 'xhost +' or 'xhost +yourhost'.

That's why xauth and friends exist, to stop games like this...

-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech
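
The check below is an added example, not part of the original messages: it reads `xhost` output on stdin and reports whether host-based access control is disabled ('xhost +'), trusts whole hosts ('xhost +yourhost'), or leaves only per-user entries. The function name audit_xhost is hypothetical, the sample outputs are constructed, and the line formats assumed are those printed by current X.Org xhost.

```shell
#!/bin/sh
# Added example: classify `xhost` output by how exposed the X server is.

audit_xhost() {
    # Prints one verdict:
    #   OPEN             access control disabled, any host may connect
    #   HOSTS <entries>  whole hosts trusted, so every user on them may connect
    #   OK               only per-user (SI:localuser:) entries or none remain
    awk '
        /^access control disabled/ { disabled = 1; next }
        /^access control enabled/  { next }
        /^SI:localuser:/           { next }   # per-user entry, not host-wide
        NF                         { hosts = hosts " " $1 }
        END {
            if (disabled)    print "OPEN"
            else if (hosts)  print "HOSTS" hosts
            else             print "OK"
        }'
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_HOSTS='access control enabled, only authorized clients can connect
INET:workstation2.example.com
SI:localuser:alice'
SAMPLE_OK='access control enabled, only authorized clients can connect
SI:localuser:alice'

# Demo on the constructed samples; on a live session use: xhost | audit_xhost
for sample in "$SAMPLE_OPEN" "$SAMPLE_HOSTS" "$SAMPLE_OK"; do
    printf '%s\n' "$sample" | audit_xhost
done
```

A verdict of OPEN or HOSTS means any X client run from the listed hosts, xkill included, is accepted without a cookie; removing those entries leaves xauth as the gate.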

