Re: [Plash] Re: [cap-talk] Plash: Empowering Security

plash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Plash] Re: [cap-talk] Plash: Empowering Security

From:	Mark Seaborn
Subject:	Re: [Plash] Re: [cap-talk] Plash: Empowering Security
Date:	Tue, 08 Apr 2008 13:00:16 +0100

On Tue, 2008-04-08 at 01:08 +0300, Timo Lindfors wrote:
> Mark Seaborn <address@hidden> writes:
> > X11 access is not quite innocuous. :-)  X is a big can of worms that
> > will require a lot of work to make safe. [2]
> 
> Indeed. I today noticed that even with 'ssh -X' remote host can log
> everything I type:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474785

By default "ssh -X" doesn't use the XSecurity extension on Debian or
Ubuntu.  See "ForwardX11Trusted" on the ssh_config man page.  I think
they disabled this by default because it breaks enough X applications to
be a problem.  If I remember correctly, it breaks Gtk's pop-up menus.
There is an explanation of why this breaks on
http://plash.beasts.org/wiki/X11SecurityRequirements.

-- 
Mark Seaborn
Software Engineer

Cmed Technology Ltd.
Registered in England and Wales No. 3869835
Registered Office and Address for Communication:
Holmwood, Broadlands Business Campus,
Langhurstwood Road, Horsham, RH12 4QP, United Kingdom

E address@hidden
W www.cmedresearch.com

[Prev in Thread]

Current Thread

[Next in Thread]

[Plash] Re: [cap-talk] Plash: Empowering Security, Mark Seaborn, 2008/04/07
- Re: [Plash] Re: [cap-talk] Plash: Empowering Security, Timo Lindfors, 2008/04/07
  - Re: [Plash] Re: [cap-talk] Plash: Empowering Security, Mark Seaborn <=
    - Re: [Plash] Re: [cap-talk] Plash: Empowering Security, Timo Lindfors, 2008/04/10

Prev by Date: Re: [Plash] Re: [cap-talk] Plash: Empowering Security
Next by Date: [Plash] example evince.pkg file
Previous by thread: Re: [Plash] Re: [cap-talk] Plash: Empowering Security
Next by thread: Re: [Plash] Re: [cap-talk] Plash: Empowering Security
Index(es):
- Date
- Thread