Re: Accounts for client programs
On Sun, Jun 29, 2003 at 11:22:42PM -0700, Simon Kirby wrote:
> It's probably possible for something to overflow an X packet or something
> in the middle and obtain root by opening a new shell and issuing
> commands, or maybe it's even possible for X clients to fake keystrokes to
> other windows, but most of the stuff I run is text-only anyway.
A program could connect to your X server even if it looks like a text-only
program. Unless you ldd every new binary before you run it, it could even
be linked to X libraries. (It would probably bulk up the binary a lot (i.e.
noticeably) to statically link in enough X library stuff to send keystrokes
to other windows, etc.)
Still, that's not the sort of thing a virus would usually do. It's more
along the lines of what someone attacking you, personally, might try. (esp.
after reading your message... :]
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug.n , s.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BC
Reply to: