Re: X11 exploit info
On Saturday, 11 February 2006 23:45, Guillaume Laurent wrote:
> On Saturday 11 February 2006 14:39, Ivor Hewitt wrote:
> > On Saturday 11 February 2006 12:15, Dave Feustel wrote:
> > > 05-Jul-2004: SSH Users beware: The hazards of X11 forwarding
> > > Logging into another machine can compromise your desktop...
> > "If someone on the server can read your ~/.Xauthority file (hopefully
> > root, but if you have bad file permissions you're in trouble),"
> > I'm sorry, that's just too stupid to be worth commenting on.
> There's this gem, too: "any time you SSH to another machine, that machine's
> administrators could attack you".
> Thanks for the laugh, anyway.
Why do you think this is funny?
It's old news, it's *not* an exploit of a programming error
and it's not exactly on-topic for this list.
But it's a potential insecurity that follows from the design of X11,
ssh and the UNIX user privilege system. It's very unpleasant.
I think people should be aware of these issues. The recommendation
near the end of the article is good common sense:
"So, when should you enable X11 forwarding?
Only when you really really need to, and only to machines which you trust."
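
Added example, not part of the original thread: a small Python audit for the two conditions discussed above, a ~/.Xauthority file accessible beyond its owner and X11 forwarding enabled for more hosts than you actually trust. The function names and the sample configuration are constructed for illustration; ForwardX11 and ForwardX11Trusted are the OpenSSH client options.

```python
import os
import re
import stat

X11_OPTIONS = {"forwardx11", "forwardx11trusted"}

# Constructed sample ssh_config, not taken from the thread.
SAMPLE_CONFIG = """\
# constructed sample
ForwardX11Trusted=yes
Host build.example.org
    ForwardX11 yes
Host *.example.org
    ForwardX11 = yes
Host bastion
    ForwardX11 no
"""

def audit_ssh_config(text):
    """Return (scope, option, breadth) for each X11 forwarding option set to yes."""
    findings = []
    scope, is_match = "(global)", False   # options before any Host/Match apply to all hosts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key in ("host", "match"):
            scope, is_match = value, key == "match"
        elif key in X11_OPTIONS and value.lower() == "yes":
            # Global, wildcard and Match scopes are treated as broad (conservative).
            broad = is_match or scope == "(global)" or any(c in scope for c in "*?")
            findings.append((scope, parts[0], "broad" if broad else "per-host"))
    return findings

def xauthority_exposed(path):
    """True if group or others have any access to the cookie file."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))

if __name__ == "__main__":
    for scope, option, breadth in audit_ssh_config(SAMPLE_CONFIG):
        print(f"{breadth:8} {option} yes  under  {scope}")
    xauth = os.path.expanduser("~/.Xauthority")
    if os.path.exists(xauth) and xauthority_exposed(xauth):
        print(f"{xauth} is accessible to group/others; chmod 600 it")
```

Tight file permissions only cover the "bad file permissions" case quoted above; root on a machine you forward X11 to is covered only by not forwarding to it, which is what the "broad" findings point at.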