urxvt synthetic events - security hole?

Ben Price ben.r.price at btinternet.com
Thu Jul 15 11:35:30 CEST 2010


On Thu, Jul 15, 2010 at 02:09:23AM +0200, Marc Lehmann wrote:
> Accepting synthetic events is, of course, not a security hole.

Perhaps I am confused, but wouldn't this mean any program could run
arbitary commands via urxvt? Obviously this wouldn't normally be a
problem, but what about if I had a ``su'' session open? This would
(I think) allow arbitary commands to be run as root.





More information about the rxvt-unicode mailing list