Vulnerability Development: Re: Problem with xkill

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Problem with xkill

From: Valdis.Kletnieks () vt edu
Date: Fri, 22 Mar 2002 17:09:15 -0500

On Fri, 22 Mar 2002 14:54:03 EST, Anthony Gruppuso said:

I don't know what possesed me to try this, but under Digital UNIX 5.0,
as a normal user, I was able to set my DISPLAY to the IP address of
another user who was running a seperate session, and run xkill.


xkill (like any other X client) uses the standard X access control scheme.

Most likely, the other user had done an 'xhost +' or 'xhost +yourhost'.

That's why xauth and friends exist, to stop games like this...

-- 
                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech

Attachment: _bin
Description:

By Date By Thread

Current thread:

Problem with xkill Anthony Gruppuso (Mar 22)
- Re: Problem with xkill xm (Mar 22)
- Re: Problem with xkill Valdis . Kletnieks (Mar 22)
- Re: Problem with xkill Michel Arboi (Mar 23)
- <Possible follow-ups>
- RE: Problem with xkill anthony gruppuso (Mar 22)
  - RE: Problem with xkill Ron DuFresne (Mar 22)
    - Re: Problem with xkill KF (Mar 23)
  - RE: Problem with xkill Michel Arboi (Mar 23)