On Sat, Dec 24, 2011 at 01:10:04AM +0100, v kitti wrote:
> Dear Programmers!
>
> I use OpenBSD, and I find a little, or not little bug (if security
> problem). I just user, and beginner in OpenBSD, not hard in English,
> sorry if not quality bug report, but I want. :)
>
> To see the bug: I want take harden exploitable user with separated as
> another user runned browser and skype, I seen it work good, but find
> the bug..., not too big to good usage, but maybe security:
>
> To reproduce: ( pwd : /home/myusername )
>
>   xauth -f .untrusted_user generate :0 . untrusted timeout 10
>   xauth -f .untrusted_user extract - :0 > /home/net/.Xauthority
>   export HOME=/home/net
>   export XAUTHORITY=/home/net/.Xauthority
>   /usr/bin/sudo -u net /usr/local/bin/geany
>
> ( editor is more convenient to reproduce )
>
> Now I have an editor as untrusted X client, who not can everything in X.
> I create xterm, as user 'myusername'. If I want copy text from editor,
> or skype, or firefox with middle mouse button in many times (about 2-5
> probe, move between the windows, and click), to xterm, that trusted user
> running, then crash the xterm.
>
> That's all, I hope not security bug, just in the usage of the X auth
> security.
>
> I use almost original: OpenBSD xxxxxxxxxxxx 5.0 GENERIC#43 i386
>
> I take a little modification, because a hardware driver bug hardening my
> life. :) (An old Asus laptop, and disable acpi, because freeze the
> machine if I press Ctrl-Alt-F2, and maybe other case.) (On another
> netbook find hardware driver bug too, I must disable ahci driver, and
> Usb 2.0 ehci, because both freeze my machine. In this machine must take
> display.brightness to min. 10, because the default is take my lcd very
> dark.) I sure the hardware specific bug is more difficult to find
> without you can able to reproduce. :(
>
> Many thanks for OpenBSD, I seen better secure OS, than other.
>
> (from my wife's email) Gábor from Hungary

You provide insufficient detail. A minimal bug report must at least contain the dmesg of the machine. Since your problem appears to be related to X, a copy of /var/log/Xorg.0.log is required.

Your English is indeed not very good, but the readability of your e-mail will be greatly improved by using newlines, separating the text into logical units. I'm spending way too much effort on finding the text I want to read at the moment, instead of reading it. :)

--
Ariane
