[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possible Netscape / Mozilla bug

On Fri, 2002-07-12 at 03:00, Gordon Paynter wrote:

> So here is what happens.  I log in as user1 and run mozilla.  Later, I
> open a new window and log in there as user2 (using the same machine
> and the same DISPLAY).  As user2, I run "netscape" at the
> command-line.  Rather than starting netscape, a new window is launched
> for user1 from user2's process of Mozilla.
> Obviously, this is bad.  Suppose user2 maliciously sets their display
> to some other machine, and runs netscape.  Netscape has user1's
> Mozilla launch a new window on the remote machine, and user2 has
> access to user1's stored passwords etc.

> Can anyone else verify this behaviour?  I think this is probably a
> netscape bug (it should never have attempted to use another user's
> process) and a Mozilla bug (it should never have launched a window for
> the other user).  Either that, or its some sort of misconfiguration on
> my part.  Any thoughts?

Yes. Kind Of. On the same display, if I spawn two terminals with two
different users and spawn mozilla from each, the second instance is run
as the first user.

This is however, only after I did 

% xhost + 

as the first user. with 

% xhost -

nothing happens.

im not exactly sure what this means but thought I would report.

PS - I dont have netscape installed so havent tried with that

Shri Shrikumar             U R Byte Solutions
I.T. Consultant            26/3 Annandale Street   Tel: (0131) 558 9990	
Email: shri@urbyte.com     Edinburgh EH7 4AN       Web: www.urbyte.com

To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: