Re: X11 exploit info
On Saturday 11 February 2006 12:15, Dave Feustel wrote:
>
> 05-Jul-2004: SSH Users beware: The hazards of X11 forwarding
> Logging into another machine can compromise your desktop...
>
"If someone on the server can read your ~/.Xauthority file (hopefully only
root, but if you have bad file permissions you're in trouble),"
I'm sorry, that's just too stupid to be worth commenting on.
> 08-Jun-2004: The ease of (ab)using X11, Part 2
> Abusing X11 for fun and passwords.
>
and again:
"First, log into the victim's desktop, become root, and set up your
environment to access his X11 server:"
> 13-May-2004: The ease of (ab)using X11, Part 1
> X11 is the protocol that underlies your graphical desktop environment, and
> you need to be aware of its security model.
>
and again:
"Now I need to get access to his magic cookies. Since I'm root, I can read all
files on the filesystem, so I just need to let the underlying X11 calls know
where "my" .Xauthority file lives:"
All of these assume I had the ability to gain root access of the machine that
the victim is logged into. So shock horror, it's possible for a system admin
to access my files/session.
--
Ivor Hewitt.
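
Added example, not part of the original post or of the quoted articles: a check of the "bad file permissions" condition on an Xauthority file that also lists which displays it holds cookies for, without ever returning the cookie bytes. It assumes the usual record layout (big-endian 16-bit family, then four length-prefixed fields); `parse_xauthority`, `audit_xauthority` and `SAMPLE` are names made up for this sketch.

```python
import os
import stat
import struct

def _field(b):
    return struct.pack(">H", len(b)) + b

# Constructed sample record (not a real cookie): FamilyLocal (256), host "desk", display 0.
SAMPLE = struct.pack(">H", 256) + b"".join(
    _field(x) for x in (b"desk", b"0", b"MIT-MAGIC-COOKIE-1", bytes(16)))

def parse_xauthority(blob):
    """Return metadata for each record; the cookie bytes are never returned."""
    entries, pos = [], 0
    while pos < len(blob):
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        fields = []
        for _ in range(4):  # address, display number, auth name, auth data
            (n,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if pos + n > len(blob):
                raise ValueError("truncated Xauthority record")
            fields.append(blob[pos:pos + n])
            pos += n
        address, display, name, data = fields
        entries.append({"family": family,
                        "address": address.decode("latin-1"),
                        "display": display.decode("latin-1"),
                        "auth": name.decode("latin-1"),
                        "cookie_len": len(data)})
    return entries

def audit_xauthority(path):
    """Return (findings, entries) for one Xauthority file."""
    st = os.stat(path)
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"mode {mode:04o} lets group/other users reach the cookie")
    if st.st_uid != os.getuid():
        findings.append(f"owned by uid {st.st_uid}, not the current user")
    with open(path, "rb") as fh:
        return findings, parse_xauthority(fh.read())

if __name__ == "__main__":
    target = os.environ.get("XAUTHORITY", os.path.expanduser("~/.Xauthority"))
    findings, entries = audit_xauthority(target)
    for e in entries:
        print(e)
    print("\n".join(findings) or "permissions look private")
```

A clean result covers only non-root local users; root on the same machine can read the file regardless of its mode.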