[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: X11 exploit info
From:       Christian Mueller <cmueller () gmx ! de>
Date:       2006-02-12 12:12:01
Message-ID: 200602121312.02431.cmueller () gmx ! de
[Download RAW message or body]

Am Sonntag, 12. Februar 2006 12:23 schrieb Dave Feustel:
> On Sunday 12 February 2006 06:02, Ivor Hewitt wrote:
> > Ok well apart from the fact that this is about an article from 2004 about 
> > something that isn't enabled by default and is nothing to do with KDE 
> > dev... :)
> 
> At least two of the exploits I have found work against kde.


These are no exploits.  The articles you linked to are applications 
of the way security works (or doesn't work) on Unixoid systems / X11.  
They describe what root can do in such an environment.  That's 
what a cracker could do *after* using an exploit to gain root 
privileges.

It's no surprise that they work on KDE as KDE runs on top 
of these subsystems.  There's also nothing KDE can do about it
so I would still say it's off-topic here (and also on kde-security).

It's similar to this: 
"I just discovered a new type of denial-of-service attack against KDE!
Pulling the power plug crashes KDE reliably and reproducibly.  
I'll email the kde-security list right away.  :)


Christian.



 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]