package rxvt
tag 469296 + patch
thanks
Attached is a patch for rxvt to not use :0 if unset both in rxvt
and in rclock. (The last is no security problem, but just annoying to
have to wait for an error message when it is not set).
Hochachtungsvoll,
Bernhard R. Link
diff -rup
* Nico Golde [EMAIL PROTECTED] [080304 15:07]:
Did you also test other terminal emulators?
No, I just stumbled over rxvt poping up on an unexpected place.
* Nico Golde [EMAIL PROTECTED] [080305 12:54]:
I don't think its a user mistake if rxvt does not return a
message that DISPLAY is not set
Hi Bernhard,
* Bernhard R. Link [EMAIL PROTECTED] [2008-03-06 12:13]:
* Nico Golde [EMAIL PROTECTED] [080304 15:07]:
* Nico Golde [EMAIL PROTECTED] [080305 12:54]:
I don't think its a user mistake if rxvt does not return a
message that DISPLAY is not set and uses a random one
instead.
I
Hi,
I don't think its a user mistake if rxvt does not return a
message that DISPLAY is not set and uses a random one
instead.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Package: rxvt
Version: 1:2.6.4-12
Severity: grave
Tags: security
If the DISPLAY environment is not set, rxvt opens an xterm on :0,
which on some headless login-server means anyone can setup an
fake X server waiting for someone loggin in without X forwarding
to start rxvt by some mistake or by
Hi,
I requested a CVE id for this.
Did you also test other terminal emulators?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgpsCLll2lmTK.pgp
Description: PGP signature
Wow, you really consider is a security issue? When a user does a
mistake?
--
Lubomir Kundrak (Red Hat Security Response Team)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
7 matches
Mail list logo