On Fri, 22 Mar 2002, Anthony Gruppuso wrote:

> normal user, but what amazed me, was that my xkill process, as a normal
> user, was able to kill a process that did not belong to me. The other
> user clicked the cursor on an xterm, and it died. I checked to see if
> the xkill binary was setuid root, but it was not. This is definitely
> not a good 'feature.' :) Input on this logic would be greatly

From the Linux xkill manpage:

    Xkill is a utility for forcing the X server to close connections to clients.

It is not directly killing the program but forcing the X server to close the client's connection. The security issue at hand is allowing you to connect to his xserver (with the xkill binary).

--
xmat_private (http://while1.net/)
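The reply above places the problem in who is allowed to connect to the X server, not in xkill itself. As an added example (not part of the original thread), this shell function classifies the access list that `xhost` prints; the function names and the sample list are constructed for illustration, and cookie-based (xauth) access is not covered.

```shell
#!/bin/sh
# Added example: classify `xhost` output read from stdin.
# Prints one finding per entry; returns 1 if any entry admits more than
# a single named local user, 0 otherwise.
audit_xhost() {
    risky=0
    while IFS= read -r line; do
        case "$line" in
            "access control disabled"*)
                echo "OPEN: any client on any host may connect"; risky=1 ;;
            "access control enabled"*)
                : ;;  # header line only; the entries below decide
            LOCAL:*)
                echo "BROAD: every local user may connect ($line)"; risky=1 ;;
            INET:*|INET6:*)
                echo "BROAD: every user on that host may connect ($line)"; risky=1 ;;
            SI:localuser:*)
                echo "OK: single local user (${line#SI:localuser:})" ;;
            "")
                : ;;
            *)
                echo "REVIEW: unrecognised entry ($line)" ;;
        esac
    done
    return "$risky"
}

# Constructed sample of what `xhost` prints on a shared machine where
# local connections were opened to everyone (hypothetical user "alice").
sample_xhost_output() {
    cat <<'EOF'
access control enabled, only authorized clients can connect
LOCAL:
SI:localuser:alice
EOF
}

# On a live session, replace sample_xhost_output with: xhost
sample_xhost_output | audit_xhost || echo "other users can reach this display"
```

Any client admitted by a BROAD or OPEN entry can ask the server to close another client's connection, which is the behaviour the original poster observed.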
This archive was generated by hypermail 2b30 : Fri Mar 22 2002 - 17:04:10 PST