[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Plash] Re: [cap-talk] Plash: Empowering Security

From: Mark Seaborn
Subject: Re: [Plash] Re: [cap-talk] Plash: Empowering Security
Date: Tue, 08 Apr 2008 13:00:16 +0100

On Tue, 2008-04-08 at 01:08 +0300, Timo Lindfors wrote:
> Mark Seaborn <address@hidden> writes:
> > X11 access is not quite innocuous. :-)  X is a big can of worms that
> > will require a lot of work to make safe. [2]
> Indeed. I today noticed that even with 'ssh -X' remote host can log
> everything I type:

By default "ssh -X" doesn't use the XSecurity extension on Debian or
Ubuntu.  See "ForwardX11Trusted" on the ssh_config man page.  I think
they disabled this by default because it breaks enough X applications to
be a problem.  If I remember correctly, it breaks Gtk's pop-up menus.
There is an explanation of why this breaks on

Mark Seaborn
Software Engineer

Cmed Technology Ltd.
Registered in England and Wales No. 3869835
Registered Office and Address for Communication:
Holmwood, Broadlands Business Campus,
Langhurstwood Road, Horsham, RH12 4QP, United Kingdom

E address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]