[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-devel
Subject: Re: setuid/setgid binaries contained in the Debian repository.
From: Matt Zimmerman <mdz () debian ! org>
Date: 2003-08-19 15:01:35
[Download RAW message or body]
On Tue, Aug 19, 2003 at 01:14:33AM +0300, Richard Braakman wrote:
> This might be true for text-based games, though even they could reprogram
> the terminal in nasty ways. Games that use X11, however, will need
> access to the user's X session, and that basically gives them free
> reign. They'll be able to do fun things like listen to keypress events
> or paste text into an open xterm.
>
> If you do find a way to run graphical games in a separate uid, then let
> me know -- I'll want to use that for my web browser :-)
xauth -f someplace-else generate $DISPLAY . untrusted
It breaks some applications, though.
--
- mdz
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic