On 7/28/06, Yakov Lerner <[EMAIL PROTECTED]> wrote:
On 7/28/06, Nikolai Weibull <[EMAIL PROTECTED]> wrote: > On 7/27/06, Bram Moolenaar <[EMAIL PROTECTED]> wrote: > > > Vim uses the X server for communication. Only users with write access > > to the X server can send a message to Vim. And if you have write > > access, you are also able to send keystrokes to another process, thus > > you can do anything anyway. E.g., by sending keystrokes to an xterm in > > which a shell is running. > > > > That is, I think it works this way. Perhaps someone with more detailed > > knowledge of X server access restrictions can give a better answer. > > Actually, you have to explicitly allow the sending of synthetic > keystrokes to an xterm (the allowSendEvents resource).Via 'editres protocol', you can remotely manipulate resources of running xterm (because xterm is Xt application). I believe that it is possible to turn remotely this allowSendEvents of xterm (if one has X server access). Unless this allowSendEvents is treated differently than other resources; I did not try to write working example. I don't care, I always run with 'xhost +'. > I don't know, > but perhaps Vim "needs" to have something similar. Vim has something similar: gvim --servername "" disables clientserver in gvim.
Well, that's not the same thing. I found this, by the way: http://lists.enyo.de/pipermail/security-announce/2005-May/000002.html Still, I really don't think that other users should be able to connect to a remote Vim. nikolai
