On Wed, May 26, 1999 at 12:32:12AM +0000, Graham Evans wrote: > Take two unix boxes (A and B), on the console of A, run X and allow B to > access the screen (using the xhost command). Now you opened up Pandora's box. B can sniff A's keyboard, "inject" keystrokes and mouse movements into the input stream and spy on A's screen. And probably do much more that doesn't come to my mind right now. It all boils down to "xhost is evil". > Telnet into B and (after > setting the DISPLAY env) run netscape. > > You now get a copy of netscape running on b (type "file:/etc/hostname" > in the location bar) What follows is just an effect of a feature (not a bug!) of Debian's netscape wrapper script to re-use already running netscape processes. Check out /usr/X11R6/bin/netscape to see what exactly it does, and you should be able to duplicate this behaviour on any Unix system. -- Andreas Trottmann <andreas.trottmannat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:19 PDT