| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: joel.esler at rcert-s.army.mil (Esler, Joel CNTR/Sytex) Subject: Re: Xfree86 video buffering? While I agree that his is an issue. However I don't feel it's a security issue. It's more a "fix the driver damn it issue"... If you can go through all the trouble to set up a camera, or physically sit and see a few seconds worth of XFree Blink.. You most likely have physical access anyway. Physical Access = root. Fix the driver. End of story. On Fri, 2005-02-25 at 22:58 +0300, phased wrote: > If someone has access to your machine, and can make it crash so they can see > what you were doing, someone mentioned this is local infomation disclosure... > they could just look over your shoulder while you were using the machine or > install a mini camera someplace in the room, zoom in on your monitor and > acheive much better results. > > -----Original Message----- > From: Stan Bubrouski <stan.bubrouski@...il.com> > To: "Riad S. Wahby" <rsw@...t.org> > Date: Fri, 25 Feb 2005 13:33:21 -0500 > Subject: [Full-Disclosure] Re: Xfree86 video buffering? > > > > > Riad S. Wahby wrote: > > > > >Stan Bubrouski <stan.bubrouski@...il.com> wrote: > > > > > > > > >>Umm I didn't offer a solution at all? > > >> > > >> > > > > > >Are you making a statement or asking a question? > > > > > > > > > > > Umm more like wondering what you're talking about. > > > > >>I clearly said I wasn't wise enough to devise a solution for this... > > >>which is why I said I'll leave a solution to the experts... > > >> > > >> > > > > > >It's fairly obvious that you either have to do it at shutdown or at > > >startup. When else are you going to do it, while the user is viewing > > >the screen? > > > > > > > > > > > I wasn't making a case for either argument. > > > > >Also, you seem to have taken my email as a personal attack. Calm down, > > >dude. I was participating in a discussion, not holding up a giant "Stan > > >is stupid" sign. > > > > > > > > > > > Go ahead and hold up a sign doesn't bother me, if it did I wouldn't be > > posting to public mailling lists. > > But if you think I'm sitting here steaming about it your barking up the > > wrong tree :-P > > > > I think you're simply inferring too much from what I'm saying. That's all. > > > > Best Regards, > > > > sb > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html -- Esler, Joel CNTR/Sytex <joel.esler@...rt-s.army.mil> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050225/42860f95/attachment.html
Powered by blists - more mailing lists