Vulnerability Development: Re: Problem with xkill

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Problem with xkill

From: Michel Arboi <arboi () yahoo com>
Date: Sat, 23 Mar 2002 16:05:33 +0100 (CET)

 --- Anthony Gruppuso <AGruppus () jcals army mil> a écrit :

but what amazed me, was the my xkill process, as a
normal user, was able to kill a process that did not belong to me.


As others have already told you, xkill does not kill the process, it
just shuts down the connection between the client and the X server.

if the xkill binary was setuid root, but it was not.


You miss something fundamental here: X is a _network_ protocol. That
you are root, administrator or whoever on your machine does not mean 
anything to the remote X server.

This is definatley not a good 'feature.' :)


Yes it is. You should control access to your X server with xhost,
xauth, and options like -nolistentcp
Otherwise, worse things could happen like somebody grabing your
passwords.




___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Mail : http://fr.mail.yahoo.com

By Date By Thread

Current thread:

Problem with xkill Anthony Gruppuso (Mar 22)
- Re: Problem with xkill xm (Mar 22)
- Re: Problem with xkill Valdis . Kletnieks (Mar 22)
- Re: Problem with xkill Michel Arboi (Mar 23)
- <Possible follow-ups>
- RE: Problem with xkill anthony gruppuso (Mar 22)
  - RE: Problem with xkill Ron DuFresne (Mar 22)
    - Re: Problem with xkill KF (Mar 23)
  - RE: Problem with xkill Michel Arboi (Mar 23)
- RE: Problem with xkill Joe Gruppuso (Mar 25)