Re: OpenSSH uploaded replacing ssh, please test
- To: Jules Bean <jmlb2@hermes.cam.ac.uk>
- Cc: Tommi Virtanen <tv@debian.org>, Philip Hands <phil@hands.com>, debian-devel@lists.debian.org, recipient list not shown: ;
- Subject: Re: OpenSSH uploaded replacing ssh, please test
- From: Joey Hess <joeyh@debian.org>
- Date: Thu, 4 Nov 1999 12:37:29 -0800
- Message-id: <19991104123729.M19976@kitenet.net>
- Mail-followup-to: Jules Bean <jmlb2@hermes.cam.ac.uk>, Tommi Virtanen <tv@debian.org>, Philip Hands <phil@hands.com>, debian-devel@lists.debian.org, recipient list not shown: ;
- In-reply-to: <Pine.SOL.4.10a.9911041946170.17870-100000@red.csi.cam.ac.uk>; from jmlb2@hermes.cam.ac.uk on Thu, Nov 04, 1999 at 07:50:32PM +0000
- References: <19991104183652.A11827@hq.yok.utu.fi> <Pine.SOL.4.10a.9911041946170.17870-100000@red.csi.cam.ac.uk>
Jules Bean wrote:
> Correct me if I'm wrong, but the only way someone could install such a
> sneaky app is if they have root access on that machine, or access to your
> account on that machine. And if they have either of those things, you
> have no security anyway, because they can run circles around any security
> measure you impose.
All someone needs to run an invisible keyboard grabber is for you to mess up
your Xauthority for a minute. Ie, run "xhost +", or leak your Xauthority
cookie, etc.
--
see shy jo
Reply to: