ratpoison-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [RP] Using q as ratpoison escape character disables <ctrl+q> (<ctrl+

From: Thibault Hild
Subject: Re: [RP] Using q as ratpoison escape character disables <ctrl+q> (<ctrl+q>+q)
Date: Tue, 26 Apr 2005 08:56:50 +0200
User-agent: Mozilla Thunderbird 1.0.2 (X11/20050317)
So no big deal as long as everybody is nice behind the firewall ;).

Thank you all for being so responsive (as ratpoison is) !

Martin Samuelsson a écrit : 
On Mon, Apr 25, 2005 at 09:37:00AM +0200, Thibault Hild wrote:
  
I understand now why it works better but what kind of security hole is it ?
    

If you were to run untrusted software they would be allowed to type into
your Xterms. It lowers your shield a bit, but I wouldn't call it a huge
security hole. Most applications run today are run on the same host and
with the users permissions anyway so there are simpler ways of causing
harm than sending Xevents around.

Any application sending the events still has to be authentificated
as you against the X server.
--
/Martin
reply via email to
[Prev in Thread] Current Thread [Next in Thread]