Re: What is a security bug?
Hi,
On 29 Nov 2005, Florian Weimer wrote:
> * Jochen Striepe:
> > On 28 Nov 2005, Michelle Konzack wrote:
> >> If you allow to run apps as different user on the
> >> same desktop, you pick security holes in your system.
> >
> > Please explain that, I don't understand at all.
>
> Trusted X applications ("trusted" in the sense that they are not
> limited by the X security extension) can read screen contents,
> eavesdrop keypresses (even if XGrabKeyboard is active), and send key
> presses to xterms even if allowSendEvents is disabled (the default).
Ah, thanks, I didn't know those.
But why is it more dangerous for me to open e.g. another instance of
mozilla under a different login than my X session (assuming both
logins are solely under my control)? I mean, if mozilla maliciously
uses the above exploits, this can happen under my usual login as well,
right?
Greetings from Germany,
Jochen.
--
Beware of Programmers who carry screwdrivers.
-- Leonard Brandwein