I understand that, we use a very strict host access control list here on all Xserver based devices/products; I just thought it was interesting that xkill behaved in that manner. Initally I was under the impression that it would function like a graphical kill, but apparently that is not the case. Anthony (Joe) Gruppuso -----Original Message----- From: Valdis.Kletnieksat_private [mailto:Valdis.Kletnieksat_private] Sent: Friday, March 22, 2002 5:09 PM To: Anthony Gruppuso Cc: Bugtraqat_private; vuln-devat_private Subject: Re: Problem with xkill On Fri, 22 Mar 2002 14:54:03 EST, Anthony Gruppuso said: > I don't know what possesed me to try this, but under Digital UNIX 5.0, > as a normal user, I was able to set my DISPLAY to the IP address of > another user who was running a seperate session, and run xkill. xkill (like any other X client) uses the standard X access control scheme. Most likely, the other user had done an 'xhost +' or 'xhost +yourhost'. That's why xauth and friends exist, to stop games like this... -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 17:00:27 PST