
Re: What is a security bug?



    Hi,

On 29 Nov 2005, Florian Weimer wrote:
> * Jochen Striepe:
> > On 28 Nov 2005, Michelle Konzack wrote:
> >> If you allow to run apps as different user on the
> >> same desktop, you pick security holes in your system.
> >
> > Please explain that, I don't understand at all.
> 
> Trusted X applications ("trusted" in the sense that they are not
> limited by the X security extension) can read screen contents,
> eavesdrop keypresses (even if XGrabKeyboard is active), and send key
> presses to xterms even if allowSendEvents is disabled (the default).

Ah, thanks, I didn't know those.

But why is it more dangerous for me to open e.g. another instance of
mozilla under a different login than my X session (assuming both
logins are solely under my control)? I mean, if mozilla maliciously
uses the above exploits, this can happen under my usual login as well,
right?


Greetings from Germany,

Jochen.
-- 
Beware of Programmers who carry screwdrivers.
                -- Leonard Brandwein


