On Sunday 12 February 2006 08:08, Christian Mueller wrote:
> If there is a real working exploit then everything is lost already.


This is essentially correct. The reason is that since the exploits
eavesdrop on keyboards of other sessions of the same user, if the
exploit is part of the injected payload of some piece of malware,
the passwords you type in any x11 session can be captured by
that malware if it executes with that user's privileges. This can
be mitigated by always dropping to console mode to type in
passwords.

The defense (subject to revision as I learn more) is

1) to always make sure that .Xauthority is rw only
by the owner (that does not stop these exploits, it just requires
that the exploit execute with owner privileges before it can get
any info. Otherwise *anyone* can monitor your x11 sessions).

2) to use a 'block in all' rule with pf (or the equivalent rule with
whatever packet filter you are using). Blocking all unsolicited input
cuts down tremendously on what you have to protect against.

3) never run x11 on a server which can be accessed from the internet.

> The articles you linked to are not exploits.

The articles describe the exploits.
--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"

>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
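The three defensive steps above (owner-only .Xauthority, a default-deny packet filter, no X11 on internet-facing hosts) are easy to get wrong silently, so here is an added POSIX shell example that is not part of the original post: it audits and repairs the cookie file's mode and prints the minimal pf ruleset the post refers to. It assumes the cookie file is $XAUTHORITY or, failing that, ~/.Xauthority, and that the firewall is OpenBSD pf with rules in /etc/pf.conf; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original mailing-list post.
# Step 1 of the post: the X authority cookie must be readable and writable
# only by its owner; anyone who can read it can attach to the display.
# Step 2 of the post: a "block in all" pf ruleset so nothing unsolicited
# reaches the host.
# Assumptions: cookie path is $XAUTHORITY or ~/.Xauthority; firewall is pf.

# Path of the X authority file (assumption: XAUTHORITY or ~/.Xauthority).
xauth_path() {
    printf '%s\n' "${XAUTHORITY:-$HOME/.Xauthority}"
}

# Return 0 only if the mode string is exactly -rw------- (0600), else 1.
# ls(1) is used instead of stat(1) because stat's flags differ on BSD/GNU.
xauth_perms_ok() {
    f=${1:-$(xauth_path)}
    [ -f "$f" ] || return 1
    mode=$(ls -ld "$f" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# Restrict the file to owner read/write; returns chmod's exit status.
fix_xauth_perms() {
    f=${1:-$(xauth_path)}
    chmod 600 "$f"
}

# Print the minimal default-deny ruleset for /etc/pf.conf. Any service the
# host must accept has to be passed explicitly after "block in all".
pf_ruleset() {
    cat <<'EOF'
# Loopback traffic is never filtered.
set skip on lo
# Default deny for all inbound traffic (the post's "block in all" rule).
block in all
# Outbound connections are allowed; replies return via the state table.
pass out all keep state
EOF
}

# Audit the cookie file; with --fix, repair it. Returns 0 if it was OK.
audit_xauth() {
    f=$(xauth_path)
    if xauth_perms_ok "$f"; then
        echo "$f: permissions OK (0600)"
        return 0
    fi
    echo "$f: WARNING: not restricted to owner; other users can read the cookie"
    if [ "$1" = "--fix" ]; then
        fix_xauth_perms "$f" && echo "$f: fixed"
    fi
    return 1
}

# Command-line entry point: "audit [--fix]" or "pf". Nothing runs when
# the file is merely sourced.
case "${1:-}" in
    audit) audit_xauth "${2:-}" ;;
    pf)    pf_ruleset ;;
esac
```

Run `sh xauth_check.sh audit --fix` from each account that uses X11, and `sh xauth_check.sh pf > /etc/pf.conf` followed by `pfctl -f /etc/pf.conf` only after adding explicit `pass in` lines for the services the host must accept; the 0600 check does not defend against code already running as the same user, which is exactly the case the post says is already lost.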