Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

RE: Problem with xkill
From: anthony gruppuso <agruppus () jcals army mil>
Date: Fri, 22 Mar 2002 17:19:11 -0500
I understand that, we use a very strict host access control list here on
all Xserver based devices/products; I just thought it was interesting
that xkill behaved in that manner.  Initally I was under the impression
that it would function like a graphical kill, but apparently that is not
the case.

Anthony (Joe) Gruppuso

-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu]
Sent: Friday, March 22, 2002 5:09 PM
To: Anthony Gruppuso
Cc: Bugtraq () securityfocus com; vuln-dev () securityfocus com
Subject: Re: Problem with xkill 


On Fri, 22 Mar 2002 14:54:03 EST, Anthony Gruppuso said:


I don't know what possesed me to try this, but under Digital UNIX 5.0,
as a normal user, I was able to set my DISPLAY to the IP address of
another user who was running a seperate session, and run xkill.


xkill (like any other X client) uses the standard X access control
scheme.

Most likely, the other user had done an 'xhost +' or 'xhost +yourhost'.

That's why xauth and friends exist, to stop games like this...

-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]