In message: <[EMAIL PROTECTED]>
Chris Green <[EMAIL PROTECTED]> writes:
>On Sat, May 31, 2003 at 10:18:17AM -0700, T. Alexander Popiel wrote:
>> In message: <[EMAIL PROTECTED]>
>> Chris Green <[EMAIL PROTECTED]> writes:
>> >
>> >It seems amazingly unlikely! How many 'innocent applications' are
>> >there which one would run as root and which echo the contents of the
>> >title bar to the display? It's not the sort of thing one does by
>> >mistake really is it?
>>
>> syslog, for one, if you have a root shell running inside an rxvt at
>> the time some maliciously-crafted message gets logged to console or
>> all users...
>>
>Who runs a root shell that accepts messages? Oh well, I suppose it's
>possible but it seems unlikely.

Actually, it's not unlikely at all, in that it's not the root shell
that's accepting messages. It's the user shell which did the 'su'
to spawn the root shell that accepts the message. Consider the
scenario where an admin user is logged in, has several rxvts open, and
inside one of those rxvts does an 'su' to root to adjust some fiddly
bit on the machine.
- Alex