[715] in linux-security and linux-alert archive
[linux-security] Accelerated X , machine crash possible monitor damage attack
daemon@ATHENA.MIT.EDU (Alan Cox)
Thu May 9 20:23:29 1996
Date: Thu, 9 May 96 19:10 BST
From: alan@lxorguk.ukuu.org.uk (Alan Cox)
To: linux-security@tarsier.cv.nrao.edu
Software: Accelerated X build 1.2.7 (Caldera Desktop CD)
Description:
User created .Xaccel.ini files override the system wide one. Users may
place statements in the file that cause the priviledged server to crash the
machine. It appears that other aspects are handled correctly. symlinks to
user unreadable files are not read.
Note:
This is the same bug fixed in Xfree86 over a year ago. Could someone
test Metro-X as well ?
Fix:
Unknown. Using XFree86 is not open to all Accelerated X users nor
desirable for performance reasons on some cards.
