
Re: Remote Root In Nvidia xserver Driver



On Wed, Oct 18, 2006 at 10:42:05AM +0000, Sam Morris wrote:
> On Tue, 17 Oct 2006 21:53:49 -0400, Noah Meyerhans wrote:
> > However, as I read it,
> > it sounds like you can only run arbitrary code if you are actually
> > accessing the X server directly via a client.  While this client can be
> > local or remote, nobody is going to allow unauthenticated remote clients
> > to access their X server, so this might not be so bad...
> 
> I disagree. SSHing to a compromised host should not open the client
> machine up to security vulnerabilities of this kind.

Huh?

sshing to a compromised machine with X forwarding enabled is already a
big enough problem without adding root exploits.

Don't ssh with X forwarding to an untrusted machine. Ever. X is not a
secure protocol and with access to your X server a program can wreak
havoc on anything you do on that X server including capturing passwords
and other sensitive data. It's not an issue specific to this vulnerability.

Dominic.

-- 
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)


