[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: kdesu in KRASH
From:       Geert Jansen <g.t.jansen () stud ! tue ! nl>
Date:       1999-09-23 12:13:22
[Download RAW message or body]

Dawit Alemayehu wrote:

> Just out of curiousity ... Does anyone know in what sense the current kfmsu2
> script is insecure i.e. what its vulernability is ?

On a multiuser machine, giving local clients access means giving all
local users access to the X display. This is dangerous, for example you
could request all key events thereby sniffing root's terminal.

Greetings,
-- 
    Geert Jansen                       email: <g.t.jansen at stud.tue.nl>
    Phylosopher, Physicist                        PGP key ID: 0xD2B5E7CE

[prev in list] [next in list] [prev in thread] [next in thread]