In message <Pine.3.89.9509291503.A1295-0100000@jamarillo>, Jyri Kaljundi writes : [...]
There's a huge hole in the Netscape remote control mechanism for the X-Windows based clients.=20 Potential impact : anybody can become any user that uses Netscape on any system without sufficient X security. [...] PS: WHY do they bother with PGP and RSA security when they keep such holes = ????
Well, I would susspect that because if your X server isn't "secure" there isn't much you can do that is. Other then xterm, most X programs will respond to "synthetic" events (events gennerated by another programs as opposed to the user), this means with a little work anyone with access to the X server could click open the File menu, select "Open URL", type in a URL, press "Open", click "SaveAs", and so on. Even if all X clients stoped listening to synthetic events (which would be a shame - since they are useful in various contexts) X's event structure allows multiple X cleints to lissten for tthe same events on the same windows, so a simple program could track all keystrokes and capature your passwords. Failing all of that any X client could track ownership of the X selection (the "cut buffer" normally used to hold text), and when it looks like a Unix command (implying that you will be pasting it into the command line) assert ownership of the selection itself and put in "^X^U^H;rm -rf ~/*" followed by a carrage return. That's just off the top of my head ('tho I admit I have written two of the three "exploits" while I was a sysadmin 4 years ago in an effort to convinse my managers to mandate better security then "xhost +"...). So saying "Netscape isn't secure when my X server isn't" is alot like saying "When I leave the front door of my house unlocked my VCR isn't safe!". -- Not speaking for my employer, or anyone other then myself.