Re: [PATCH 7/7] SLIM: documentation

From: Pavel Machek
Date: Tue Sep 19 2006 - 18:02:52 EST


Hi!

> Documentation.

Thanks for it.

> +file /etc/resolv.conf, dbus-daemon, which accepts data from
> +potentially untrusted processes, Xorg, which has to accept data
> +from all Xwindow clients, regardless of level, and postfix which
> +delivers untrusted mail. Again, these applications inherently
> +must cross trust levels, and SLIM properly identifies them.

How is this supposed to work. Xorg was not designed to be security
barrier. So... your exploited evolution, but evolution is now
UNTRUSTED, so you can't do anything interesting... right?

Wrong. evolution can ask Xorg to simulate "rm -rf /" keypresses, and
send them to your shell in another window...
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/