Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security

To: Mark Seaborn <mseaborn@cmedresearch.com>
Cc: plash@nongnu.org, 474785@bugs.debian.org
Subject: Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security
From: Timo Lindfors <timo.lindfors@iki.fi>
Date: Thu, 10 Apr 2008 11:37:15 +0300
Message-id: <[🔎] 84abk2ayx0.fsf@sauna.l.org>
Reply-to: Timo Lindfors <timo.lindfors@iki.fi>, 474785@bugs.debian.org
In-reply-to: <[🔎] 1207656016.31454.93.camel@tonytheprawn> (Mark Seaborn's message of "Tue, 08 Apr 2008 13:00:16 +0100")
References: <1207515945.31966.12.camel@clpc130.comlab.ox.ac.uk> <20080407.211156.861024752.mrs@localhost.localdomain> <843apxjp33.fsf@sauna.l.org> <[🔎] 1207656016.31454.93.camel@tonytheprawn>

Hi,

Mark Seaborn <mseaborn@cmedresearch.com> writes:
> By default "ssh -X" doesn't use the XSecurity extension on Debian or
> Ubuntu.  See "ForwardX11Trusted" on the ssh_config man page.  I think

Now, that was an interesting observation! I can see it in the man page
now that I specifically look for it but I am certain I have read it
many times without paying attention to this difference in the past. In
fact, when I asked even the most security-aware debian-using friends
they too did not know that on a fresh debian box the "secure" way to
run X11 programs from university machines requires quite a lot of
typing:

ssh -o'ForwardX11Trusted no' -X remote.example.com

best regards,
Timo Lindfors

Reply to:

References:
- Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security
  - From: Mark Seaborn <mseaborn@cmedresearch.com>

Prev by Date: Bug#464580: Seeing the Same with NVIDIA Cards
Next by Date: Bug#475204: Ring buffer not flushed on Xorg startup (82945G/GZ)
Previous by thread: Bug#474785: [Plash] Re: [cap-talk] Plash: Empowering Security
Next by thread: xorg: Changes to 'debian-unstable'
Index(es):
- Date
- Thread