Path: utzoo!attcan!uunet!mcvax!enea!kth!draken!klas
From: klas@nada.kth.se (Klas Heggemann)
Newsgroups: comp.windows.news
Subject: journal is dangerous
Message-ID: <554@draken.nada.kth.se>
Date: 9 Sep 88 10:01:43 GMT
Reply-To: klas@nada.kth.se (Klas Heggemann)
Organization: Royal Institute of Technology, Stockholm, Sweden
Lines: 15


NeWS users must be aware of the possiblilty to 'eavesdrop' their
work using e g journal.ps. I tried to record, as user nobody, what
was going on. It was really easy to check everything I did,
including the password for su-sessions!! Anybody can use the
journaling while you use NeWS for you daily work. They just log
in on your machine and use psh to talk to the NeWS-server (which
they may do since the localhost is in the newshost-list).

I also noticed that a playback of a session may not really play
what happend. Instead it plays the events, which may really
do something else then when you recorded it. E g I zapped a window
while recording a session. Doing a playback resulted in a
choice in the rootmenu instead of the window frame menu, a choice
that lead to the destruction of all windows!!