Path: utzoo!attcan!uunet!lll-winken!csd4.milw.wisc.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!apple!vsi1!wyse!mips!prls!philabs!gotham!ursa!jmd
From: jmd@ursa.UUCP (Josh Diamond)
Newsgroups: comp.windows.x
Subject: Re: X11R3 security hole needs attention
Message-ID: <848@share.ursa.UUCP>
Date: 21 Mar 89 21:18:20 GMT
References: <8903172201.AA16819@EXPIRE.LCS.MIT.EDU> <8903172239.AA00594@buit5.bu.edu>
Reply-To: jmd@share.UUCP (Josh Diamond)
Organization: Bear Stearns, New York
Lines: 31

In article <8903172239.AA00594@buit5.bu.edu> jsol@BU-IT.BU.EDU writes:
>Is there anything we can do to alleviate the problem?

At this point in time, not much, other than using xhost to turn off all
access to the display (including from the local host). The security hole
becomes smaller if you only xhost + a host long enough to bring up the
window, and then xhost - it again once the window is up. This seems to
work well for me.

> I can't believe that
>we are going to have to live with the fact that our bright young students
>have devised a way to read our windows, dump them to disk, rearrange them,
>etc. etc. etc. That simply won't do.
>
>If there is no way to handle this, I am going to recommend to my superiors
>that we support Suntools and get out of the X situation entirely.
>--jsol

Are you aware that under SunTools the same can be done? All you need to
figure out is the proper /dev/win devices to specify. Once you've done
that, it is trivial. For instance, I have a 10 line shell script which
will raise every terminal window on the screen, making it visible even if
lockscreen is running...

--
Josh Diamond                            {philabs.phillips.com, sun.com}!gotham!ursa!jmd
                                        ...!{sun, philabs, pyrnj}!gotham!ursa!jmd
We're on an express elevator to hell -- jmd%ursa%gotham@philabs.phillips.com
            GOING DOWN!!                jmd%ursa%gotham@sun.com