Date: Wed, 5 Mar 2008 09:24:32 +0000
From: Steve Kemp <steve@...ve.org.uk>
To: oss-security@...ts.openwall.com
Subject: Re: request CVE id: insecure handling of DISPLAY in rxvt

On Wed Mar 05, 2008 at 10:19:09 +0100, Tomas Hoger wrote:

> Yes, many assumptions and ifs, but still silently assuming DISPLAY=:0
> when no DISPLAY is set does not sound like a safe default.

  Agreed.

> But then I also don't understand what you mean by "set up a fake X
> server waiting for someone logging in..."

  This should be a matter of running 'startx' appropriately.  I was
 under the misapprehension that only root could start up X, but that
 seems not to be the case.

  Providing the host wasn't already running X then it might be possible
 for local users to launch a copy they control.

> Could you describe the attack scenario in a bit more detail?

  I'd look forward to that too.


Steve
-- 
# The Debian Security Audit Project.
http://www.debian.org/security/audit
