Date: Tue, 23 Apr 1996 09:15:00 -0400 (EDT)
From: "Adrian T. Filipi-Martin" <atf3r@stretch.cs.virginia.edu>
To: Khetan Gajjar <khetan@iafrica.com>
Cc: Jim Dennis <jimd@mistery.mcafee.com>, lenzi@cwbone.bsi.com.br, questions@freebsd.org
Subject: Re: xhost
Message-ID: <Pine.SUN.3.90.960423090455.20339A-100000@stretch.cs.Virginia.edu>
In-Reply-To: <Pine.BSF.3.91.960423095016.223F-100000@ian.iafrica.com>
On Tue, 23 Apr 1996, Khetan Gajjar wrote:

> How would they do this ?

If your server is openly accepting connections from remote clients, all they need to do is write a program that connects to your X server and requests a copy of each keypress event. It does not need to have a visible window on the watched server, so it may not be obvious that it is happening.

As an example of how bad this type of security hole can be, I once took the sources to xev, a stock X utility, and commented out about 90% of the code. All I left in were the bits about keypresses. This was sufficient to demonstrate that I could save to file, text that wasn't even echoed on my friend's _remote_ display, e.g. a password prompt.

> BTW, I run xdm from my rc.local
>
> Should I be doing it from ttys ? If so, how ?

It doesn't make a difference here. Remote users do not have access to your /dev/tty* files. It is open access to your X server that is the problem.

This is a nice example of a transitive security problem. (If I can't read your keyboard, I'll talk to something that can.)

cheers,

Adrian

adrian@virginia.edu                   ---->>>>| Support your local programmer,
System Administrator                   --->>>| STOP Software Patent Abuses NOW!
NVL, NIIMS and Telemedicine Labs        -->>| For an application and information
Member: League for Programming Freedom   ->| see: http://www.lpf.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.90.960423090455.20339A-100000>
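
Added example (not part of the message above or of the archive): a defender-side check for the open-access condition the message describes. It reads the output of the stock xhost command and flags any entry that lets a remote host connect to the X server; the function name audit_xhost, the sample output and the host and user names are constructed for illustration.

```shell
#!/bin/sh
# audit_xhost: read `xhost` output on stdin and print one finding per line.
# Returns 0 when only local users are authorized, 1 when any remote host
# (or every host) may connect and therefore request keypress events.
# (Hypothetical helper name; the output format assumed is that of the
# current X.Org xhost client.)
audit_xhost() {
    awk '
    # "xhost +" was run: host-based access control is off entirely.
    /^access control disabled/ { print "OPEN: any host can connect"; bad = 1; next }
    # Header line when access control is on; the entries follow it.
    /^access control enabled/  { next }
    # Entries that only admit clients on this machine.
    /^(LOCAL:|SI:localuser:)/  { print "local: " $0; next }
    # Anything else (INET:, INET6:, bare host names) is a remote grant.
    NF { print "REMOTE: " $1 " may connect and receive events"; bad = 1 }
    END { exit bad + 0 }
    '
}

# Constructed sample output, not captured from a real host.
sample='access control enabled, only authorized clients can connect
SI:localuser:alice
INET:lab-pc.example.edu'

# On a live display this would be:  xhost | audit_xhost
printf '%s\n' "$sample" | audit_xhost ||
    echo "=> remove remote grants with: xhost -<hostname>  (or: xhost -)"
```

Running `xhost -` turns host-based access control back on, and `xhost -hostname` removes a single grant.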