On Tue, 17 Oct 2006 21:53:49 -0400, Noah Meyerhans wrote: > However, as I read it, > it sounds like you can only run arbitrary code if you are actually > accessing the X server directly via a client. While this client can be > local or remote, nobody is going to allow unauthenticated remote clients > to access their X server, so this might not be so bad...
I disagree. SSHing to a compromised host should not open the client machine up to security vulnerabilities of this kind. -- Sam Morris http://robots.org.uk/ PGP key id 1024D/5EA01078 3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
