Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security

To: plash@nongnu.org
Cc: 474785@bugs.debian.org
Subject: Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security
From: Mark Seaborn <mseaborn@cmedresearch.com>
Date: Tue, 08 Apr 2008 13:00:16 +0100
Message-id: <[🔎] 1207656016.31454.93.camel@tonytheprawn>
Reply-to: Mark Seaborn <mseaborn@cmedresearch.com>, 474785@bugs.debian.org
In-reply-to: <843apxjp33.fsf@sauna.l.org>
References: <1207515945.31966.12.camel@clpc130.comlab.ox.ac.uk> <20080407.211156.861024752.mrs@localhost.localdomain> <843apxjp33.fsf@sauna.l.org>

On Tue, 2008-04-08 at 01:08 +0300, Timo Lindfors wrote:
> Mark Seaborn <mrs@mythic-beasts.com> writes:
> > X11 access is not quite innocuous. :-)  X is a big can of worms that
> > will require a lot of work to make safe. [2]
> 
> Indeed. I today noticed that even with 'ssh -X' remote host can log
> everything I type:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474785

By default "ssh -X" doesn't use the XSecurity extension on Debian or
Ubuntu.  See "ForwardX11Trusted" on the ssh_config man page.  I think
they disabled this by default because it breaks enough X applications to
be a problem.  If I remember correctly, it breaks Gtk's pop-up menus.
There is an explanation of why this breaks on
http://plash.beasts.org/wiki/X11SecurityRequirements.

-- 
Mark Seaborn
Software Engineer

Cmed Technology Ltd.
Registered in England and Wales No. 3869835
Registered Office and Address for Communication:
Holmwood, Broadlands Business Campus,
Langhurstwood Road, Horsham, RH12 4QP, United Kingdom

E mseaborn@cmedresearch.com
W www.cmedresearch.com

Reply to:

Follow-Ups:
- Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security
  - From: Timo Lindfors <timo.lindfors@iki.fi>

Prev by Date: Bug#470249: (no subject)
Next by Date: Re: Status of input scaling issue and fix in unstable?
Previous by thread: lovely uyi rl Girlfriend coat include.
Next by thread: Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security
Index(es):
- Date
- Thread