SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Research Skip Research Menus Research Menu Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: Do you trust X server? This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] From: Valdis.Kletnieks_at_vt.edu Date: Fri, 18 Mar 2005 11:58:57 -0500 On Fri, 18 Mar 2005 09:35:12 +0100, Tom said: > On Fri, Mar 18, 2005 at 12:26:04AM -0500, Valdis.Kletnieks@vt.edu wrote: > > For a remote exploit of the X server itself, you'd have to find a way to > > exploit the X protocol, > > Not true. > > This was 2002, and it was a DoS, but it shows that the X server can be > attacked through remote applications: > > http://web.lemuria.org/security/mozilla-dos.html > > The short: A font-rendering bug in X can cause a system freeze if mozilla > is instructed to render a huge (like 1666666 pixels) font. Which is what I said - you'd have to find a bug that you can exploit through the client. And as I also said, even if you found such a bug, it would probably result in a crash of either the browser or X. And how many issues have there been with Mozilla and Firefox since 2002? I'd worry more about those... -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. application/pgp-signature attachment: stored Received on Fri 18 Mar 2005 - 12:05:31 EST This message: [ Message body ] Next message: Karl MacMillan: "RE: [RFC & PATCH] inherited type definition." Previous message: Casey Schaufler: "Re: Do you trust X server?" In reply to: Tom: "Re: Do you trust X server?" Next in thread: Stephen Smalley: "Re: Do you trust X server?" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom