Open Source and information security mailing list archives
 
From: stan.bubrouski at gmail.com (Stan Bubrouski)
Subject: Xfree86 video buffering?

bkfsec wrote:

> Stan Bubrouski wrote:
>
>> That seems like a pretty unhelpful solution.  Say the system crashes?
>> Or KDE or X crash?  The same problem will still exist.
>>
>> With this solution someone could intentionally crash your machine to
>> avoid those routines from running.  I'm not trying to put you down or
>> anything, in fact I probably know less about video related stuff than
>> most on the list, this just doesn't seem like the best way to do it.
>> I have no better suggestions, I'll leave this one to the experts.
>>
> You'd think that if someone could force a timed crash on the machine 
> intended to save a small amount of data to buffers on the video card, 
> that you'd probably have many more problems on your hands than that.
>
Fair enough but I wasn't really suggesting it, more just pointing out
that if X died the buffers still wouldn't be flushed if that is indeed
the problem.

> Not to mention that when a machine crashes, most people don't just 
> walk away and say "oh well".  They usually restart the machine to 
> either continue what they were doing, or to make sure that it starts 
> up properly.  We're not really talking about remote information 
> disclosure, we're talking about someone being right at the terminal.
>
Much of the internet is made up of unattended machines...

> My thought on that is that the only way that a crash would work for 
> this is if the person were looking over your shoulder.  At that point, 
> why would they need to crash the system?
>
I simply used a lame example to illustrate a point.  Think of computer
labs and offices.  If my lab machine crashes I move to another... and
someone else may sit down and see what I was just doing.

Plus if you work in an office and crash someone's machine while they are
away from it you can still start it up and watch the screen before GDM
or whatever kick in.  Really though like I said I really just wanted to
point out that X not shutting down properly bypasses the proposed
solution, that's all.

> Likewise, not trying to put you down... just pointing out my 
> observations.
>
Ditto :-D

-sb

>             -Barry
>
>
>

