Re: Possible Netscape / Mozilla bug
On Fri, 2002-07-12 at 03:00, Gordon Paynter wrote:
<snip>
>
> So here is what happens. I log in as user1 and run mozilla. Later, I
> open a new window and log in there as user2 (using the same machine
> and the same DISPLAY). As user2, I run "netscape" at the
> command-line. Rather than starting netscape, a new window is launched
> for user1 from user2's process of Mozilla.
>
> Obviously, this is bad. Suppose user2 maliciously sets their display
> to some other machine, and runs netscape. Netscape has user1's
> Mozilla launch a new window on the remote machine, and user2 has
> access to user1's stored passwords etc.
> Can anyone else verify this behaviour? I think this is probably a
> netscape bug (it should never have attempted to use another user's
> process) and a Mozilla bug (it should never have launched a window for
> the other user). Either that, or its some sort of misconfiguration on
> my part. Any thoughts?
Yes. Kind Of. On the same display, if I spawn two terminals with two
different users and spawn mozilla from each, the second instance is run
as the first user.
This is however, only after I did
% xhost +
as the first user. with
% xhost -
nothing happens.
im not exactly sure what this means but thought I would report.
Shri
PS - I dont have netscape installed so havent tried with that
--
------------------------------------------------------------------------
Shri Shrikumar U R Byte Solutions
I.T. Consultant 26/3 Annandale Street Tel: (0131) 558 9990
Email: shri@urbyte.com Edinburgh EH7 4AN Web: www.urbyte.com
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: