Re: Possible flaw in XFree?

From: Michael Jennings (mej@kainx.org)
Date: 06/29/02


Date: Sat, 29 Jun 2002 13:08:49 -0400
From: Michael Jennings <mej@kainx.org>
To: vuln-dev@securityfocus.com

On Friday, 28 June 2002, at 07:37:04 (-0500),
Ross Nelson wrote:

> However, the point of xlock is to lock it and prevent things like
> that.

Uh, no. The point of xlock is to lock the *session*, not the machine.

> I see what you're saying, but if they can do that then there's no
> point in locking.

Sure there is. Users lock sessions to prevent other users from
gaining access to their authentication. If I'm logged in via X, and
do not lock my session, another user can sit down at my station, start
up a new terminal window, and do whatever he likes with all the
privileges I have. Locking the session prevents him from doing
naughty things as me. It doesn't prevent him from logging in as
himself, nor should it.

> Also, have you tried opening a second X server on one box at the
> same time? I haven't tried and was wondering if that'd actually
> work.

Of course it works. That's what multiple displays are all about. Try
"startx -- :1"

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej@kainx.org>
n+1, Inc., http://www.nplus1.net/         Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "The Swiss have an interesting army.  Five hundred years without a
  war.  Pretty impressive.  Also pretty lucky for them.  Ever see that
  little Swiss Army knife they have to fight with?  Not much of a
  weapon there.  Corkscrews.  Bottle openers.  'Come on, buddy, let's
  go.  You get past me, the guy in back of me, he's got a spoon.  Back
  off.  I've got the toe clippers right here.' "     -- Jerry Seinfeld


