--===============1080072618==
Content-Type: multipart/signed;
boundary="nextPart6873277.u0KoTO5Lxg";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart6873277.u0KoTO5Lxg
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Dne ned=C4=9Ble 12 =C3=BAnor 2006 13:12 Christian Mueller napsal(a):
> Am Sonntag, 12. Februar 2006 12:23 schrieb Dave Feustel:
> > On Sunday 12 February 2006 06:02, Ivor Hewitt wrote:
> > > Ok well apart from the fact that this is about an article from 2004
> > > about something that isn't enabled by default and is nothing to do wi=

th
> > > KDE dev...

> >
> > At least two of the exploits I have found work against kde.

>
> These are no exploits. The articles you linked to are applications
> of the way security works (or doesn't work) on Unixoid systems / X11.
> They describe what root can do in such an environment. That's
> what a cracker could do *after* using an exploit to gain root
> privileges.


No, there is no need for using an exploit, as it can be done by a root on=20
*OTHER* system to manipulate things on *MY* system.

> It's no surprise that they work on KDE as KDE runs on top
> of these subsystems. There's also nothing KDE can do about it
> so I would still say it's off-topic here (and also on kde-security).


But I agree it should be resolved in the level of X11 and ssh, not KDE.

> It's similar to this:
> "I just discovered a new type of denial-of-service attack against KDE!
> Pulling the power plug crashes KDE reliably and reproducibly.
> I'll email the kde-security list right away.
>
>
> Christian.
>
> >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to
> >> unsubscribe <<


=2D-=20

Ostatn=C4=9B soud=C3=ADm, =C5=BEe uzav=C5=99en=C3=A9 protokoly a form=C3=A1=
ty by m=C4=9Bly b=C3=BDt zni=C4=8Deny, stejn=C4=9B=20
jako Kart=C3=A1go.

--nextPart6873277.u0KoTO5Lxg
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBD7y0o7/oWwynB3bIRAqVJAJ9gf2tlQzysr89ZxjOmh1LNQ0XDEACfchef
75TMWsi1Bl7NSNeqH2bmOIc=
=If8H
-----END PGP SIGNATURE-----

--nextPart6873277.u0KoTO5Lxg--


--===============1080072618==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<


--===============1080072618==--