Re: X11 exploit info
On Saturday 11 February 2006 19:09, Christian Mueller wrote:[color=blue]
> Am Samstag, 11. Februar 2006 14:39 schrieb Ivor Hewitt:[color=green]
> > All of these assume I had the ability to gain root access of the machine that
> > the victim is logged into. So shock horror, it's possible for a system admin
> > to access my files/session.[/color]
> Just to state it clearly (as the victim is logged into two machines,
> his local one and the remote one he connects to using "ssh -X"):
> Root is needed only on the remote machine.
> Do you feel it's normal and that everyone is aware(!) that anyone being root
> (by admin role or by exploit) on a remote machine I "ssh -X" into can
> do arbitrary things to my *local* X server (keyloggers and faked password
> dialogs come to mind)? Why should a remote admin have the right to open
> windows on my local machine. Ok, you could say I allowed him to do that
> by specifying that very "-X" option.
> I think the warning is justified. It may be a bit off-topic on a
> KDE-specific list though.
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
>> Visit [url]http://mail.kde.org/mailman/listinfo/kde-devel#unsub[/url] to unsubscribe <<[/color][/color]