Re: What is a security bug?
* Jochen Striepe:
> Hi,
>
> On 28 Nov 2005, Michelle Konzack wrote:
>> If you allow to run apps as different user on the
>> same desktop, you pick security holes in your system.
>
> Please explain that, I don't understand at all.
Trusted X applications ("trusted" in the sense that they are not
limited by the X security extension) can read screen contents,
eavesdrop on keypresses (even if XGrabKeyboard is active), and send key
presses to xterms even if allowSendEvents is disabled (the default).
See <http://www.enyo.de/fw/security/notes/zwei-x-schwachstellen.html>
(German) and:
<http://lists.enyo.de/pipermail/security-announce/2005-May/000001.html>
<http://lists.enyo.de/pipermail/security-announce/2005-May/000002.html>