[4074] in testers
xss is special
daemon@ATHENA.MIT.EDU (Brad Thompson)
Thu May 20 18:20:15 1999
Message-Id: <199905202220.SAA01344@x15-cruise-basselope.mit.edu>
To: testers@MIT.EDU
Date: Thu, 20 May 1999 18:20:03 -0400
From: Brad Thompson <yak@MIT.EDU>
I wanted to log out someone who had been idle for a while. xss said
"Press Control-L to log out.". I Hit control-L. Nothing happened.
Then I realized, this person used dvorak. So, I logged into another
machine, read his dotfiles (conviently world-readable) and found that L
was labeled "P" on the keyboard. It hit control-P, and xss said
"Logging out". It did not log the person out. The person's login
uses a non-standard session gate, but this should not break xss.
A good solution would be to have a "Click me to log out." thingy.
yak
