Cron/Xwindows
Jonathan Hutchins
hutchins at tarcanfel.org
Thu Oct 23 02:56:54 CDT 2003
On Wednesday 22 October 2003 11:28 am, Brian Densmore wrote:
> > > Can you imagine the trouble that could happen ...
> 1) evil user launches an alternate login screen on xclient
> and steals users login information;
But he can't, because the "alternate login screen" has not been implimented by
the admin (root), nor does it have permission to write to another user's
session. (If root file permission has been hacked, we're hosed anyway.)
> 2) evil user launches hidden window that monitors user;
Evil user does not have read access to good user's session.
> 3) evil user launches install window, that steals users login
> and then proceeds to steal/alter/corrupt/destroy user's files;
See above.
> 4) evil remote user launches disgusting site on user's desktop;
That happens with browsers all the time - nothing to do with system security.
Really, all of the above might happen in a system like Windows where
permissions for devices and files are an afterthought, but not on a Linux
system.
More information about the Kclug
mailing list