[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape hole without .Xauthority (fwd)



In message <Pine.3.89.9509291503.A1295-0100000@jamarillo>, Jyri Kaljundi writes
:
[...]
>There's a huge hole in the Netscape remote control mechanism for the
>X-Windows based clients.=20
>Potential impact : anybody can become any user that uses Netscape on any
>system without sufficient X security.
[...]
>PS: WHY do they bother with PGP and RSA security when they keep such holes =
>????

Well, I would susspect that because if your X server isn't "secure" there
isn't much you can do that is.

Other then xterm, most X programs will respond to "synthetic" events
(events gennerated by another programs as opposed to the user), this
means with a little work anyone with access to the X server could
click open the File menu, select "Open URL", type in a URL, press "Open",
click "SaveAs", and so on.

Even if all X clients stoped listening to synthetic events (which would
be a shame - since they are useful in various contexts) X's event
structure allows multiple X cleints to lissten for tthe same events on
the same windows, so a simple program could track all keystrokes and
capature your passwords.

Failing all of that any X client could track ownership of the X selection
(the "cut buffer" normally used to hold text), and when it looks like a
Unix command (implying that you will be pasting it into the command line)
assert ownership of the selection itself and put in "^X^U^H;rm -rf ~/*"
followed by a carrage return.

That's just off the top of my head ('tho I admit I have written two of
the three "exploits" while I was a sysadmin 4 years ago in an effort
to convinse my managers to mandate better security then "xhost +"...).

So saying "Netscape isn't secure when my X server isn't" is alot like
saying "When I leave the front door of my house unlocked my VCR isn't
safe!".
-- 
Not speaking for my employer, or anyone other then myself.