JackWangCUMT / flexwork

Automatically exported from code.google.com/p/flexwork

flexdock is insecure on shared computer #9

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I hope I am reporting this in the right place; I am a bit confused about the
difference between flexdock and flexwork!

The X11 version of Flexdock has some misguided code which disables X11 security 
and gives any other user on the same computer complete control over the user's 
X server. So on a Terminal Server machine one user can log the keystrokes of 
another (and worse too).

What steps will reproduce the problem?
1. xhost
2. ant demo.view &
3. xhost

What is the expected output?

access control enabled, only authorized clients can connect

What do you see instead?

access control enabled, only authorized clients can connect
INET:localhost

What version of the product are you using? On what operating system?
Flexdock 0.5.1 on OpenSuse Linux 11.2

Please provide any additional information below.
I attach a patch which fixes the security problem. I think a better fix would 
remove more code, but I don't know enough to do that.

Original issue reported on code.google.com by R.Vick...@cs.rhul.ac.uk on 16 Jun 2010 at 11:22

Attachments:
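
A defender's check built on the reproduction steps above, as an added example that is not part of the original report or its attached patch: it compares `xhost` output captured before and after starting an application and flags access-list entries the application added. The function names and the entry classification are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the issue or its patch): diff two `xhost` listings.

# Constructed from the two outputs quoted in the report.
BEFORE='access control enabled, only authorized clients can connect'
AFTER='access control enabled, only authorized clients can connect
INET:localhost'

# Print access-list entries from xhost output on stdin, sorted, without the
# leading "access control ..." status line.
xhost_entries() {
    awk '!/^access control / { sub(/[ \t\r]+$/, ""); if ($0 != "") print }' |
        LC_ALL=C sort -u
}

# Print entries present in listing $2 (after) but not in listing $1 (before).
xhost_added() {
    b=$(mktemp); a=$(mktemp)
    printf '%s\n' "$1" | xhost_entries > "$b"
    printf '%s\n' "$2" | xhost_entries > "$a"
    LC_ALL=C comm -13 "$b" "$a"
    rm -f "$b" "$a"
}

# Assumed classification: host-family entries admit every user who can connect
# from that host; SI:localuser:<name> names one account.
xhost_classify() {
    case "$1" in
        SI:localuser:*)          echo single-user ;;
        INET:*|INET6:*|LOCAL:*)  echo host-wide ;;
        *)                       echo other ;;
    esac
}

# List added entries with their class; return 1 if access control was switched
# off or a host-wide entry was added.
xhost_audit() {
    rc=0
    case "$2" in
        *"access control disabled"*) echo "access control disabled"; rc=1 ;;
    esac
    for e in $(xhost_added "$1" "$2"); do
        class=$(xhost_classify "$e")
        echo "$e $class"
        if [ "$class" = host-wide ]; then rc=1; fi
    done
    return "$rc"
}

xhost_audit "$BEFORE" "$AFTER" || echo "X server access list was widened"
```

On a live session, pass `"$(xhost)"` captured before and after launching the application in place of the constructed samples.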