Vulnerability Development mailing list archives

RE: Problem with xkill

From: Ron DuFresne <dufresne () winternet com>
Date: Mon, 25 Mar 2002 12:51:53 -0600 (CST)

On Mon, 25 Mar 2002, Joe Gruppuso wrote:

This was merely a controlled experiment; I was curious at to what it
would do (In otherwards, I asked for the ability to be able to access
the remote display.)  This brought forth realization that xkill, in
application, behaves nothing like kill.  Thank you all for the input, it
was most helpful.



of course, unless you are root on the X-server, or have assumed the
display, and thus the user identity <as was done here> of another, you
should not beable to x-kill just any client.  so, for at least part of
this discuassion and issue, x-kill is working similiar to kill in this
regard.  This is what others are saying as regards the security measures
in place, at least at the time of this 'experiment'.

Thanks,

Ron DuFresne


-----Original Message-----
From: Michel Arboi [mailto:arboi () yahoo com]
Sent: Saturday, March 23, 2002 10:09 AM
To: anthony gruppuso
Cc: Bugtraq () securityfocus com; vuln-dev () securityfocus com
Subject: RE: Problem with xkill


 --- anthony gruppuso <agruppus () jcals army mil> a icrit :

I understand that, we use a very strict host access control list here
on all Xserver based devices/products


Obviously not, as you could connect to another display.

I just thought it was interesting that xkill behaved in that manner.
Initally I was under the impression that it would function like a
graphical kill, but apparently that is not the case.


I'm not sure what you call "graphical kill", but once the connection tp
the X server is cut, there is nothing than the client can do, apart
from saving its data and exiting nicely.
Most client just die on SIGPIPE.


___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en frangais !
Yahoo! Mail : http://fr.mail.yahoo.com


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

Current thread:

Problem with xkill Anthony Gruppuso (Mar 22)
- Re: Problem with xkill xm (Mar 22)
- Re: Problem with xkill Valdis . Kletnieks (Mar 22)
- Re: Problem with xkill Michel Arboi (Mar 23)
- <Possible follow-ups>
- RE: Problem with xkill anthony gruppuso (Mar 22)
  - RE: Problem with xkill Ron DuFresne (Mar 22)
    - Re: Problem with xkill KF (Mar 23)
  - RE: Problem with xkill Michel Arboi (Mar 23)
- RE: Problem with xkill Joe Gruppuso (Mar 25)
  - RE: Problem with xkill Ron DuFresne (Mar 25)
    - RE: Problem with xkill Sumit Dhar (Mar 26)