[3722] in WWW Security List Archive
Re: -remote option
daemon@ATHENA.MIT.EDU (Damien Miller)
Thu Dec 5 23:35:28 1996
Date: Fri, 6 Dec 1996 13:19:54 +1100 (EST)
From: Damien Miller <dmiller@vitnet.com.sg>
To: Andrea Di Fabio <fabio@cs.odu.edu>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.3.91.961201144048.12311B-100000@pitfall.cs.odu.edu>
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 1 Dec 1996, Andrea Di Fabio wrote:
> I have recently read about the remote attack which is possible
> thru the netscape -remote option, when your X server is running in
> xhost + mode.
If you are running in 'xhost +' mode, you have a lot more to worry about
than netscape. Limit your trust to specific hosts/networks at the very
least.
Regards,
Damien
| Damien Miller -
| Email: dmiller@vitnet.com.sg (PGP and MIME ok)
| WWW: http://www.vitnet.com.sg/dmiller
| PGP public key: send me an email with "send file pgp_key" as the subject
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQEVAwUBMqeCxbrHgZ2SMrItAQEEygf9HXIU+ZEqrQwDpRTrJfINCgF5+YaHNd8S
3bKR++svKraCCi4MsTwmYD/I2P42JYJFoXeBmWeBZWocMtucMn65FZ+OSKXDqZHK
P6LTJ3iG5CM+OVBmhocvj3ybtdw1WV2btt3Of+Ox15+v76sz6psAelGV8XNbiaVu
2TkdazC1dVUWWY86KRy+GwuiLxjYYb5CvI8+HffGWGPzqMdQj5XZ45MofPJwRcp1
hSqvAewa/uAs9wZfBkWdw3EZLahDVP5GpSNFqVisjUAqtQCPGypTnXJkzZsIWr57
K6pU9bmkFDaNWpDwxoQVKZb0t/qe1QG1hoDmewnwHf4iWNpwGTqBVg==
=tCE/
-----END PGP SIGNATURE-----
