Dave Feustel pointed to
  
http://www.ssi.gouv.fr/fr/sciences/fichiers/lti/cansecwest2006-duflot-paper.pdf
as an example of "X-Windows has been known to be insecure for some time.".

A brief perusal of the paper shows that it describes a way for the
*superuser* to circumvent securelevel restrictions.  This is interesting, but
(a) it describes an attack by a malicious *superuser*, and
(b) it describes an attack by a malicious person who *already* has an
    account on the machine under attack.

(a) in particular makes this of more academic than practical concern
-- a malicious superuser has about 6.02e23 different ways to take over
the system, so adding one more is of little interest.  This "attack"
is trivially preventable by not allowing malicious persons to become
superuser in the first place, indeed by not giving them logins.

ciao,

--
-- "Jonathan Thornburg -- remove -animal to reply" <[EMAIL PROTECTED]>
   Max-Planck-Institut fuer Gravitationsphysik (Albert-Einstein-Institut),
   Golm, Germany, "Old Europe"     http://www.aei.mpg.de/~jthorn/home.html
   "Washing one's hands of the conflict between the powerful and the
    powerless means to side with the powerful, not to be neutral."
                                      -- quote by Freire / poster by Oxfam
