VectorLinux
November 26, 2014, 11:58:31 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
  Print  
Author Topic: can root spy remotely content of X server of another user?  (Read 3279 times)
Witek Mozga
Vectorite
***
Posts: 113



WWW
« on: December 09, 2007, 01:07:23 pm »

Hi,

A friend of mine asked me that question and I`m not sure. Suppose we have a network of linux machines most with X servers running. Can root remotely capture the X server content of these machines somehow? Or maybe he can run a script that will save X data to a file and then re-create what windows were opened and what was on the monitor? Is that easy? If so is there any way to prevent X server spying?
Logged

bigpaws
Vectorian
****
Posts: 1857


« Reply #1 on: December 09, 2007, 06:57:24 pm »

Let's break down the questions:

Quote
Can root remotely capture the X server content of these machines somehow?

The short answer is yes, but not quite that easy. Root on one machine will not be root on the
other machine without permission. In order to access a remote X session you need to have
the Xserver port open, and if a firewall is running allowing access as well.

Quote
Or maybe he can run a script that will save X data to a file and then recreate what windows were opened and what was on the monitor?

Again you can do this, however it will take a little work to accomplish that. First you would need to background the xserver under root and then you can log everything that happened. Of course the logs
would become large quickly.

Quote
Is that easy?

The concept is easy, implementing it is not. First remote exploiting would create a problem if the users
follow easy and safe web browsing principles. If there is physical access then all bets are off. Anyone can own that machine.

Quote
If so is there any way to prevent X server spying

To prevent this attack would be to have a firewall in place, second watch your
logs (mutt point for a good attacker since it is the first place to fix) and also
monitor those that have accessed your machine ( again mutt for a good attack
since wtmp is the second thing to fix) also you can monitor your files and see if
any file is strange bad timestamps and such.

HTH

Bigpaws
Logged
Witek Mozga
Vectorite
***
Posts: 113



WWW
« Reply #2 on: December 10, 2007, 03:23:54 am »

To prevent this attack would be to have a firewall in place, second watch your
logs

Thanks for the answer. What I meant was more about what if a network admin (at someone`s work for example) is a nosy peeping guy and wants to monitor what people are doing instead of working Smiley Anyway I see that there is no easy solution for this or tool that can be downloaded from sourceforge.net and just installed.
Logged

bigpaws
Vectorian
****
Posts: 1857


« Reply #3 on: December 10, 2007, 04:59:49 am »

Quote
What I meant was more about what if a network admin (at someone`s work for example) is a nosy peeping guy and wants to monitor what people are doing instead of working

If the administrator is monitoring your actions then he is working. An administrator should never
take the job lightly since anything that goes wrong is their fault.

The question that you have asked. If I am the administrator with all the passwords then it is
trivial to setup the monitoring your asking about. You can almost bet the bank that any
internet connection has some type of logging. That goes in hand with understanding the
attacks against the network are.

There are admins that abuse their power ( I am the powerful Oz) and then unrealistic users
(I should be able to do anything that I want) neither is a good thing. A balance and open
communication is important, since both groups need each other.

Bigpaws

Logged
Triarius Fidelis
Vecteloper
Vectorian
****
Posts: 2399


Domine, exaudi vocem meam


WWW
« Reply #4 on: December 10, 2007, 05:39:03 am »

A friend of mine asked me that question and I`m not sure. Suppose we have a network of linux machines most with X servers running. Can root remotely capture the X server content of these machines somehow? Or maybe he can run a script that will save X data to a file and then re-create what windows were opened and what was on the monitor? Is that easy? If so is there any way to prevent X server spying?

There is NetOp, which runs on Linux and fits that description to a T. I can't testify to its reliability, however, because I usually turn it off in WinDOS when I'm in class in the Services configuration...
Logged

"Leatherface, you BITCH! Ho Chi Minh, hah hah hah!"

Formerly known as "Epic Fail Guy" and "Döden" in recent months
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!