Re: X11 exploit info
Am Sonntag, 12. Februar 2006 01:29 schrieb Ivor Hewitt:[color=blue]
> On Sunday 12 February 2006 00:09, Christian Mueller wrote:[color=green]
> > Am Samstag, 11. Februar 2006 14:39 schrieb Ivor Hewitt:[color=darkred]
> > > All of these assume I had the ability to gain root access of the machine
> > > that the victim is logged into. So shock horror, it's possible for a
> > > system admin to access my files/session.[/color]
> > Just to state it clearly (as the victim is logged into two machines,
> > his local one and the remote one he connects to using "ssh -X"):
> > Root is needed only on the remote machine.
> > Do you feel it's normal and that everyone is aware(!) that anyone being
> > root (by admin role or by exploit) on a remote machine I "ssh -X" into can
> > do arbitrary things to my *local* X server (keyloggers and faked password
> > dialogs come to mind)? Why should a remote admin have the right to open
> > windows on my local machine. Ok, you could say I allowed him to do that by
> > specifying that very "-X" option.
> 1. You've given permission by explicitly enabling the "-X" option.[/color]
I may have given him permission by the "-X" but that's not what
I intended to do. I just wanted to have windows open locally.
People should be informed that they shouldn't do that.
I didn't at some point. The way it works is all very logical if you think
about it, but what about those who don't ... it's not that obvious.
> 2. Sure people should be aware, but most normal users don't ssh into remote
> machines, and you'd hope that those that do trust the people who run the
> machine they're sshing into.[/color]
I may trust the regular admins but I don't trust the person who hacked
> 3. If this person has remote root rights what's to stop them hacking the ssh
> source code and incorporating a keylogger there? or doing a myriad of
Of course everything that happens on the remote machine is under his control.
Sniffing data and passwords that get to the remote machine in clear text form.
But how would that compromise my local machine and activities?
It's *my* version of the ssh client that's used and that one won't log
keystrokes and send them to Joe Hacker.
>> Visit [url]http://mail.kde.org/mailman/listinfo/kde-devel#unsub[/url] to unsubscribe <<[/color][/color]