|
Vulnerability Development
mailing list archives
Problem with xkill
From: Anthony Gruppuso <AGruppus () jcals army mil>
Date: Fri, 22 Mar 2002 14:54:03 -0500
To all,
I don't know what possesed me to try this, but under Digital UNIX 5.0,
as a normal user, I was able to set my DISPLAY to the IP address of
another user who was running a seperate session, and run xkill.
Naturally the xkill cursor was sent to the display of the 'other'
normal user, but what amazed me, was the my xkill process, as a normal
user, was able to kill a process that did not belong to me. The other
user clicked the cursor on an xterm, and it died. I checked to see if
the xkill binary was setuid root, but it was not. This is definatley
not a good 'feature.' :) Input on this logic would be greatly
appreciated.
Best Regards,
Anthony (Joe) Gruppuso
 By Date 
By Thread
Current thread:
- Problem with xkill Anthony Gruppuso (Mar 22)
|
Intro
