Re: Likely KDE exploit on 4.1

dave wrote:
I now consider it extremely likely that there is a new KDE exploit
which can be exploited on release 4.1. After having trouble with
the mouse cursor having a mind of its own on my system upgraded to
4.1, I reinstalled all of 4.1 + packages from scratch. I then created
a test user and started kde from that user. The cursor immediately
and repeatably started moving counter to my own motion and away
from a button I wanted to click on. Other evidence suggests to me
that an intruder has a control over my desktop, possibly via a
duplicate display. This problem with the mouse makes the entire
X/kde graphics interface unusable for me. Fortunately I can do
almost everything I need to in console mode, although operating without konqueror is painful.

Can you actually see traffic coming in that represents remote display connections? Can you trust all your internal users? That is, if this is a lab, do you know if someone local is doing something. If someone was coming over the wire (or wireless) you should be able to see the traffic. An easy test is to pull the network connection, or down the net devices and see if the problem persists.

Otherwise, this sounds like X having trouble understanding your mouse. Sometimes X/Y motion is seen backwards when the device was setup funny. At least this is what I used to see on Linux when I used X.
--
clvrmnky <mailto:spamtrap@xxxxxxxxxxxxxxxx>

Direct replies will be blacklisted. Replace "spamtrap" with my name to
contact me directly.
.