On Tue, 28 Oct 2003 18:12, Tom Goulet (UID0) wrote: > I'm curious what a malicious user could do with access to the > framebuffer device via the </dev/fb0> device file. Could a malicious > user see anything other than what's on his or her virtual console or X > session?
A malicious user who logs in via ssh can see the virtual console of whoever is running X or a VT login. fbgrab is a good example program. Such a malicious user could also display arbitary data on the screen. This couldn't be used for a login: prompt (no keyboard access), but could be used to mislead the user as to what program they are really communicating with. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
