Dear Programmers! I use OpenBSD, and i find a litle, or not litle bug (if
security problem). I just user, and beginner in OpenBSD, not hard in english,
sorry if not quality bug report, but i want. :) To see the bug:I want take
harden exploitable user whidth separated as another user runned browser and
skype, i seen it work good, but find the bug..., not too big to good usage,
but maybe security: To reproduce:( pwd : /home/myusername )'xauth -f
.untrusted_user generate :0 . untrusted timeout 10xauth -f .untrusted_user
extract - :0 > /home/net/.Xauthorityexport HOME=/home/netexport
XAUTHORITY=/home/net/.Xauthority/usr/bin/sudo -u net /usr/local/bin/geany'
( editor is more convenient to reproduce )
Now i have an editor as untrused X client, who not can everything in X.I
create xterm, as user 'myusername'. If i want copy text from editor,
or skype, or firefox whidth midle mouse button in many times (about 2-5 probe,
move between the windows, and klick), to xterm, that trusted user running,
than crash the xterm. That's all, i hope not security bug, just in the
usage of the X auth security.I use almost original: OpenBSD xxxxxxxxxxxx 5.0
GENERIC#43 i386 I take a litle modification, becouse a hardware driver bug
hardening my life. :) (An old Asus laptop, and disable acpi, becouse freeze
the machine if i press Ctrl-Alt-F2, and maybe other case.) (On another netbook
find hardware driver bug too, i must disable ahci driver, and Usb 2.0 ehci,
becouse both freeze my machine. In this machine must take display.brightness
to min. 10, becouse the default is take my lcd very dark.) I sure the hardware
specifid bug is more difficuld to find without you can able to reproduce. :(
Many thanks for OpenBSD, i seen better secure OS, then other.(from my wifes
email) GC!bor from Hungary
