Re: Remote Root In Nvidia xserver Driver
On Wed, 18 Oct 2006 11:48:18 +0100, Dominic Hargreaves wrote:
> On Wed, Oct 18, 2006 at 10:42:05AM +0000, Sam Morris wrote:
>> On Tue, 17 Oct 2006 21:53:49 -0400, Noah Meyerhans wrote:
>> > However, as I read it,
>> > it sounds like you can only run arbitrary code if you are actually
>> > accessing the X server directly via a client. While this client can be
>> > local or remote, nobody is going to allow unauthenticated remote clients
>> > to access their X server, so this might not be so bad...
>>
>> I disagree. SSHing to a compromised host should not open the client
>> machine up to security vulnerabilities of this kind.
>
> Huh?
>
> sshing to a compromised machine with X forwarding enabled is already a
> big enough problem without adding root exploits.
>
> Don't ssh with X forwarding to an untrusted machine. Ever.
The point is that I may trust the machine, it may have been compromised
without me finding out. I should not have to send the hackers who did it
an email saying "ok fellas, you got me, here are all my root passwords".
> X is not a
> secure protocol and with access to your X server a program can wreak
> havoc on anything you do on that X server including capturing passwords
> and other sensitive data. It's not an issue specific to this
> vulnerability.
Isn't the X11 security extension designed to help with these issues? But
anyway, you can't deny that this vulnerability increases a users' attack
surface significantly. Especially since someone else pointed out that a
Flash movie or Java applet could exploit the vulnerability (i.e., you
don't need to use X11 forwarding to make the vulnerability into a remote
one).
> Dominic.
--
Sam Morris
http://robots.org.uk/
PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078
Reply to: