Am Sonntag, 12. Februar 2006 09:04 schrieb Guillaume Laurent:

> Because this article claims to explain a fairly subtle problem that would
> arise in circumstances where a much more obvious problem is already present.
> It's like explaining you shouldn't fire up a Tesla coil in an explosive
> atmosphere.
>
> When you ssh to a machine which sysadmin is not trustworthy, then *anything*
> on that machine is suspect. Including all the programs you will execute there
> remotely, be it X clients or plain shell commands, and even the sshd you're
> logging in through.



I don't fully agree with your assessment. Everything the sysadmin
(or a cracker!) has access to is what happens on the machine he is root on.
Of course that's bad enough but with X11 forwarding enabled he can
attack a *different* machine that may even be behind a firewall
and that would otherwise be completely inaccessible to him.
(And I'd say people will tend to do sensitive things like homebanking
on their local system behind a firewall, not through an ssh tunnel
on some remote machine on the internet)
That's a whole different quality and to me that is not a "fairly subtle
problem".

Christian.


>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<