Vulnerability Development: Re: Problem with xkill

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Problem with xkill

From: xm <xm () while1 net>
Date: Fri, 22 Mar 2002 17:06:47 -0500 (EST)

On Fri, 22 Mar 2002, Anthony Gruppuso wrote:

normal user, but what amazed me, was the my xkill process, as a normal
user, was able to kill a process that did not belong to me.  The other
user clicked the cursor on an xterm, and it died.  I checked to see if
the xkill binary was setuid root, but it was not.  This is definatley
not a good 'feature.' :)  Input on this logic would be greatly

From the Linux xkill manpage:


       Xkill is a utility for forcing the X server to close  con-
       nections  to clients.

It is not directly killing the program but forcing the X server to close
the client's connection. The security issue at hand is allowing you to
connect to his xserver (with the xkill binary).

-- 
xm () while1 net           (http://while1.net/)

By Date By Thread

Current thread:

Problem with xkill Anthony Gruppuso (Mar 22)
- Re: Problem with xkill xm (Mar 22)
- Re: Problem with xkill Valdis . Kletnieks (Mar 22)
- Re: Problem with xkill Michel Arboi (Mar 23)
- <Possible follow-ups>
- RE: Problem with xkill anthony gruppuso (Mar 22)
  - RE: Problem with xkill Ron DuFresne (Mar 22)
    - Re: Problem with xkill KF (Mar 23)