Date: Sun, 25 May 2008 19:00:08 +0200 From: "Bernhard R. Link" <brlink@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE id request: xscreensaver * Tomas Hoger <thoger@...hat.com> [080525 16:03]: > Is there any known attack vector crossing trust boundary? Usage of > xrandr should be fully under the control of the user running > xscreensaver. Some vectors might be thinkable due to increasing automation: Perhaps some desktop environments realize a external monitor vanishing and rearrange the layout (which is quite nice to avoid programs being in invisible parts of the layout). If that is the case a local attacker might use this weakness gain access to the account without getting noticed that easily as when opening the case of the computer. An already possible attack vector, though needing very unlikely requirements: An user issued an ssh -X localhost to an more priviliged account in an xterm and started an xscreenserver there, because he suspects someone else might know the password and login with the unprivileged account he is logged in. Then this sense of protection would be false due to this problem. The unlikely part is that this would only work if the computer was not running before since the possible compromize of the password and only connected to the net after entering the password into ssh. So also in that case it could only widen a gap that is hardly totally closed anyway. Hochachtungsvoll, Bernhard R. Link
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.