[619] in bugtraq
xcrowbar/ident for x
daemon@ATHENA.MIT.EDU (Nathan Lawson)
Wed Jan 11 17:14:52 1995
From: nlawson@statler.csc.calpoly.edu (Nathan Lawson)
To: mouse@Collatz.McRCIM.McGill.EDU (der Mouse)
Date: Wed, 11 Jan 1995 11:53:45 -0800 (PST)
Cc: bugtraq@fc.net
In-Reply-To: <199501111533.KAA14040@Collatz.McRCIM.McGill.EDU> from "der Mouse" at Jan 11, 95 10:33:09 am
> What's xcrowbar, and how does it "turn[] off the authority mechanisms
> altogether"? In my experience, only clients running on the local host,
> or the xdm host if the server was started with xdm, can fiddle with the
> access control mechanisms.
It's basically a C program that does the equivalent of "while (1) {
xhost +". It does have to be run on the local machine.
> In any case, yes, it's true that "xhost -" doesn't magically mean
> you're safe again.
Yes. Perhaps the ident info that you wished to log would come in handy when
wondering where that gif was coming from. :)
--
Nathan Lawson | "One of the advantages of using UNIX to teach an operating
CSL 490 Admin | systems course is the sources and documentation will easily
756-7180 @Work | fit into a students briefcase." -- John Lions (1976)
