Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!purdue!bu-cs!bloom-beacon!BU-IT.BU.EDU!jsol
From: jsol@BU-IT.BU.EDU
Newsgroups: comp.windows.x
Subject: X11R3 security hole needs attention
Message-ID: <8903172103.AA00441@buit5.bu.edu>
Date: 17 Mar 89 21:03:07 GMT
Sender: daemon@bloom-beacon.MIT.EDU
Organization: The Internet
Lines: 14

X11R3 has a nasty security bug that is being exploited here. We use our
workstations as user hosts as well as X machines, and when a user logs in,
he can do anything to your X system that he wants (dump the screen, snarf
windows, or anything that I can do from my console).

Also, the security system ("xhost bu-cs" for example) will let you turn on
a specific host for the purpose of running XTERM, but you cannot prevent
some other user on that host from accessing your server and doing any of
the above sorts of things.

Is anyone going to fix this in the near future?

--jsol