Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security
On Tue, 2008-04-08 at 01:08 +0300, Timo Lindfors wrote:
> Mark Seaborn <mrs@mythic-beasts.com> writes:
> > X11 access is not quite innocuous. :-) X is a big can of worms that
> > will require a lot of work to make safe. [2]
>
> Indeed. I today noticed that even with 'ssh -X' remote host can log
> everything I type:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474785
By default "ssh -X" doesn't use the XSecurity extension on Debian or
Ubuntu. See "ForwardX11Trusted" on the ssh_config man page. I think
they disabled this by default because it breaks enough X applications to
be a problem. If I remember correctly, it breaks Gtk's pop-up menus.
There is an explanation of why this breaks on
http://plash.beasts.org/wiki/X11SecurityRequirements.
--
Mark Seaborn
Software Engineer
Cmed Technology Ltd.
Registered in England and Wales No. 3869835
Registered Office and Address for Communication:
Holmwood, Broadlands Business Campus,
Langhurstwood Road, Horsham, RH12 4QP, United Kingdom
E mseaborn@cmedresearch.com
W www.cmedresearch.com
Reply to: