[2641] in bugtraq


Re: Is _your_ Netscape under remote control

daemon@ATHENA.MIT.EDU (Warner Losh)
Mon May 27 16:33:40 1996

Date:         Mon, 27 May 1996 09:52:08 -0600
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Warner Losh <imp@village.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  Your message of Sat, 25 May 1996 02:11:47 +0200

: Still, there is a significant gap between sniffing/denial of service and
: executing shell commands.  From what I've seen, security-conscious X
: clients (such as xterm) have traditionally made sure they ignored
: synthetic keyboard events, and didn't provide any kind of shell-capable
: remote X interface.

Well, that's true iff the events are marked as synthetic.  I have seen
X servers that neglect to mark events as synthetic if you do an
XSendEvent w/o setting the synthetic field to be true.  I once saw a
demonstration of the so-called secure xterm mechanisms where the
terminal was remotely controlled (yes, the secure bits were set, and
we double checked the same program on a different X server and it
worked like the authors had intended).  This was in the R2 server time
frame, so maybe things have changed somewhat since then.

Warner
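
Added example, not part of the original message or of any X client's source: a client-side filter over raw 32-byte core-protocol events that drops key presses carrying the SendEvent bit, run against a constructed stream in which the server either sets that bit or leaves it clear. The names accept_keys and demo and the sample keycodes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define X_EVENT_SIZE     32    /* every core X11 event is 32 bytes on the wire */
#define X_KEY_PRESS      2
#define X_SEND_EVENT_BIT 0x80  /* server ORs this into the code of SendEvent events */

/* Client-side filter: copy keycodes of trusted KeyPress events into out and
 * count the ones rejected as synthetic. Returns the number accepted. */
size_t accept_keys(const uint8_t *stream, size_t len,
                   uint8_t *out, size_t cap, size_t *dropped)
{
    size_t n = 0;
    *dropped = 0;
    for (size_t off = 0; off + X_EVENT_SIZE <= len; off += X_EVENT_SIZE) {
        const uint8_t *ev = stream + off;
        if ((ev[0] & 0x7f) != X_KEY_PRESS)
            continue;                       /* not a key press */
        if (ev[0] & X_SEND_EVENT_BIT) {     /* Xlib exposes this as send_event */
            (*dropped)++;
            continue;
        }
        if (n < cap)
            out[n++] = ev[1];               /* byte 1 of a key event is the keycode */
    }
    return n;
}

/* Constructed sample: one real KeyPress (keycode 38) followed by one that
 * came from SendEvent (keycode 39). server_marks selects whether the server
 * set the SendEvent bit, as it should, or left it clear. */
size_t demo(int server_marks, size_t *dropped)
{
    uint8_t stream[2 * X_EVENT_SIZE], keys[2];
    memset(stream, 0, sizeof stream);
    stream[0] = X_KEY_PRESS;
    stream[1] = 38;
    stream[X_EVENT_SIZE] = X_KEY_PRESS | (server_marks ? X_SEND_EVENT_BIT : 0);
    stream[X_EVENT_SIZE + 1] = 39;
    return accept_keys(stream, sizeof stream, keys, 2, dropped);
}
```

With the bit left clear the second event is indistinguishable from real input on the client side, so the filter is only as reliable as the server that sets the flag.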
