On Saturday 11 February 2006 12:15, Dave Feustel wrote:
>
> 05-Jul-2004: SSH Users beware: The hazards of X11 forwarding
> Logging into another machine can compromise your desktop...
>

"If someone on the server can read your ~/.Xauthority file (hopefully only
root, but if you have bad file permissions you're in trouble),"

I'm sorry, that's just too stupid to be worth commenting on.

> 08-Jun-2004: The ease of (ab)using X11, Part 2
> Abusing X11 for fun and passwords.
>

and again:

"First, log into the victim's desktop, become root, and set up your
environment to access his X11 server:"

> 13-May-2004: The ease of (ab)using X11, Part 1
> X11 is the protocol that underlies your graphical desktop environment, and
> you need to be aware of its security model.
>


and again:

"Now I need to get access to his magic cookies. Since I'm root, I can read all
files on the filesystem, so I just need to let the underlying X11 calls know
where "my" .Xauthority file lives:"

All of these assume I had the ability to gain root access to the machine that
the victim is logged into. So shock horror, it's possible for a system admin
to access my files/session.

--
Ivor Hewitt.
