
Re: Re: su/sudo cannot X



On Wed, Jan 18, 2006 at 10:15:57PM -0500, hendrik@topoi.pooq.com wrote:
> I've been told that if a process has a window on an X server, it can 
> create fake events on any of the windows on the X server.  This was, 
> ages ago, a building block for various nice user interfaces, decades 
> before anybody was serious about computer security.  So an open root 
> window would be easy prey for any stray process that managed to put 
> anything on your screen.
> 
> Anybody know how true this is?

It's true. But, if you have a trojan process injecting X events into
your X, it could trash all your user's data -- which in my case is more
valuable than a root shell on my box (I can unplug the network access
and reinstall in an hour: although I'd be very interested to know where
such a trojan process came from).

-- 
Jon Dowland
http://alcopop.org/
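
Added example, not part of the original thread: the X11 core protocol sets the high bit of the event code on any event relayed from another client's SendEvent request, so a client can tell such events apart and refuse them. The sketch below decodes 32-byte core input events and drops the flagged ones; the sample events, window ids and little-endian byte order are constructed assumptions.

```python
import struct

# Core X11 input events are 32 bytes on the wire, and KeyPress through
# MotionNotify share one layout. Little-endian client byte order is assumed.
EVENT_FMT = "<BBHIIIIhhhhHBx"
INPUT_TYPES = {2: "KeyPress", 3: "KeyRelease", 4: "ButtonPress",
               5: "ButtonRelease", 6: "MotionNotify"}
SEND_EVENT_BIT = 0x80  # set by the server on events relayed from a SendEvent request


def parse_input_event(raw):
    """Decode one 32-byte core input event and report whether it is synthetic."""
    if len(raw) != 32:
        raise ValueError("core X11 events are exactly 32 bytes")
    (code, detail, seq, time, root, window, child,
     root_x, root_y, x, y, state, same_screen) = struct.unpack(EVENT_FMT, raw)
    etype = code & 0x7F
    if etype not in INPUT_TYPES:
        raise ValueError("not a core input event: type %d" % etype)
    return {"type": INPUT_TYPES[etype], "detail": detail, "sequence": seq,
            "window": window, "state": state,
            "synthetic": bool(code & SEND_EVENT_BIT)}


def accept_trusted(raw_events):
    """Keep only events without the SendEvent bit, the policy xterm applies
    while its allowSendEvents resource is false."""
    parsed = [parse_input_event(r) for r in raw_events]
    return [e for e in parsed if not e["synthetic"]]


def sample_event(code, keycode, window):
    """Build a constructed sample event (all ids and coordinates are made up)."""
    return struct.pack(EVENT_FMT, code, keycode, 7, 123456, 0x1E5, window,
                       0, 10, 10, 5, 5, 0, 1)


# Constructed input: one real key press, one relayed by another client.
SAMPLES = [sample_event(2, 38, 0x2400001),
           sample_event(2 | SEND_EVENT_BIT, 38, 0x2400001)]

if __name__ == "__main__":
    for ev in SAMPLES:
        print(parse_input_event(ev))
    print("accepted:", len(accept_trusted(SAMPLES)))
```

The flag only marks events relayed through SendEvent, so it is one check rather than a complete defence for a root window on a shared display.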