On Saturday 24 December 2005 14:57, Matthew Closson wrote:
> On Sat, 24 Dec 2005, Dave Feustel wrote:
>
> > I hate to send this Christmas present to misc,
> > but there is definitely a security hole in Xwindows
> > which permits exploits to be committed at least
> > with user permissions, if not root permissions.
> > Since the problem appears to be in Xwindows,
> > using KDE may be inadvisable. I'm considering
> > going back totally to console mode now that
> > I'm aware of the problem.
> >
> > Dave Feustel
> > --
> > Lose, v., experience a loss, get rid of, "lose the weight"
> > Loose, adj., not tight, let go, free, "loose clothing"
> >
> >
>
> Dave,
>
> And do you care to share this monumental discovery of yours?

Should I assume from the comment above that you already know about
this security hole?

> Also if your flaw is in X then what does KDE have to do with that?

As far as I can guess so far, the security hole is via Xwindows and the
exploit of that security hole appears to involve some combination of
KDE's kio, konsole and uiserver which permits the perp to execute
commands with the permissions of the account using KDE. The lack of
kgrant_pty on OpenBSD seems also to facilitate the exploit.

At this point I have hard evidence (for myself, but probably not for
others) that certain security-related file permissions are being changed
by someone else but me, and I am the only (authorized) user of this
system. (I am the person doing the authorization :-) ). So far I have
seen nothing that could not be done with my user permissions (i.e. no
sign of changes requiring root privileges).

The penetrating perp seems to know Xwindows and KDE inside and out -
certainly a lot better than I do. I *am* learning things while poking
around though :-).

> Merry Christmas,
>
> -Matt-
>

--
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"