Vulnerability Development mailing list archives
Re: Problem with xkill
From: Michel Arboi <arboi () yahoo com>
Date: Sat, 23 Mar 2002 16:05:33 +0100 (CET)
--- Anthony Gruppuso <AGruppus () jcals army mil> a écrit :
but what amazed me, was the my xkill process, as a normal user, was able to kill a process that did not belong to me.
As others have already told you, xkill does not kill the process, it just shuts down the connection between the client and the X server.
if the xkill binary was setuid root, but it was not.
You miss something fundamental here: X is a _network_ protocol. That you are root, administrator or whoever on your machine does not mean anything to the remote X server.
This is definatley not a good 'feature.' :)
Yes it is. You should control access to your X server with xhost, xauth, and options like -nolistentcp Otherwise, worse things could happen like somebody grabing your passwords. ___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com
Current thread:
- Problem with xkill Anthony Gruppuso (Mar 22)
- Re: Problem with xkill xm (Mar 22)
- Re: Problem with xkill Valdis . Kletnieks (Mar 22)
- Re: Problem with xkill Michel Arboi (Mar 23)
- <Possible follow-ups>
- RE: Problem with xkill anthony gruppuso (Mar 22)
- RE: Problem with xkill Ron DuFresne (Mar 22)
- Re: Problem with xkill KF (Mar 23)
- RE: Problem with xkill Michel Arboi (Mar 23)
- RE: Problem with xkill Ron DuFresne (Mar 22)
- RE: Problem with xkill Joe Gruppuso (Mar 25)
- RE: Problem with xkill Ron DuFresne (Mar 25)
- RE: Problem with xkill Sumit Dhar (Mar 26)
- RE: Problem with xkill Ron DuFresne (Mar 25)