Re: group video access hazards?

To: "Tom Goulet (UID0)" <uid0@em.ca>, debian-security@lists.debian.org
Subject: Re: group video access hazards?
From: Russell Coker <russell@coker.com.au>
Date: Wed, 29 Oct 2003 01:56:37 +1100
Message-id: <[🔎] 200310290156.37923.russell@coker.com.au>
Reply-to: russell@coker.com.au
In-reply-to: <[🔎] 20031028071253.GA9638@nova.vor.em.ca>
References: <[🔎] 20031028071253.GA9638@nova.vor.em.ca>

On Tue, 28 Oct 2003 18:12, Tom Goulet (UID0) wrote:
> I'm curious what a malicious user could do with access to the
> framebuffer device via the </dev/fb0> device file.  Could a malicious
> user see anything other than what's on his or her virtual console or X
> session?

A malicious user who logs in via ssh can see the virtual console of whoever is 
running X or a VT login.  fbgrab is a good example program.

Such a malicious user could also display arbitary data on the screen.  This 
couldn't be used for a login: prompt (no keyboard access), but could be used 
to mislead the user as to what program they are really communicating with.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to:

References:
- group video access hazards?
  - From: "Tom Goulet (UID0)" <uid0@em.ca>

Prev by Date: group video access hazards?
Next by Date: Re: group video access hazards?
Previous by thread: group video access hazards?
Next by thread: Re: group video access hazards?
Index(es):
- Date
- Thread