Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 25 May 2008 19:00:08 +0200
From: "Bernhard R. Link" <brlink@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: xscreensaver

* Tomas Hoger <thoger@...hat.com> [080525 16:03]:
> Is there any known attack vector crossing trust boundary?  Usage of
> xrandr should be fully under the control of the user running
> xscreensaver.

Some vectors might be thinkable due to increasing automation:
Perhaps some desktop environments realize a external monitor vanishing
and rearrange the layout (which is quite nice to avoid programs being
in invisible parts of the layout).
If that is the case a local attacker might use this weakness gain access
to the account without getting noticed that easily as when opening the
case of the computer.

An already possible attack vector, though needing very unlikely
requirements: An user issued an ssh -X localhost to an more priviliged
account in an xterm and started an xscreenserver there, because he
suspects someone else might know the password and login with the
unprivileged account he is logged in. Then this sense of protection
would be false due to this problem. The unlikely part is that this
would only work if the computer was not running before since the
possible compromize of the password and only connected to the net
after entering the password into ssh. So also in that case it could
only widen a gap that is hardly totally closed anyway.

Hochachtungsvoll,
	Bernhard R. Link

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.