Re: group video access hazards?
On Tue, 28 Oct 2003 18:12, Tom Goulet (UID0) wrote:
> I'm curious what a malicious user could do with access to the
> framebuffer device via the </dev/fb0> device file. Could a malicious
> user see anything other than what's on his or her virtual console or X
> session?
A malicious user who logs in via ssh can see the virtual console of whoever is
running X or a VT login. fbgrab is a good example program.
Such a malicious user could also display arbitary data on the screen. This
couldn't be used for a login: prompt (no keyboard access), but could be used
to mislead the user as to what program they are really communicating with.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: