[3654] in WWW Security List Archive
Re: -remote option
daemon@ATHENA.MIT.EDU (Ben N. Hasnai)
Mon Dec 2 07:50:13 1996
From: "Ben N. Hasnai" <benh@design.nl>
Date: Mon, 2 Dec 1996 12:03:52 +0100
In-Reply-To: Andrea Di Fabio <fabio@cs.odu.edu>
"-remote option" (Dec 1, 2:45pm)
To: Andrea Di Fabio <fabio@cs.odu.edu>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
On Dec 1, 2:45pm, Andrea Di Fabio wrote:
> Subject: -remote option
> I have recently read about the remote attack which is possible
> thru the netscape -remote option, when your X server is running in
> xhost + mode.
>
> Is there anyone out there who has a list of all commands accepted by
> the -remote option ?
Look in your App-defaults directory, like in /usr/lib/X11/app-defaults,
and look for the file Netscape.ad or Netscape.
There are scary one's like saveAs and AddBookMark t'll your harddisk gets
full :(
>
> Also, any idead on how to disable netscape from accepting remote
> commands when your Xserver is insecure ?
Hmm.. one could try setting up a firewall to block any ports which
the Netscape client uses.
Ben N. Hasnai
General Design
