Re: X11 exploit info
On Sunday 12 February 2006 12:02, Ivor Hewitt wrote:
> Ok well apart from the fact that this is about an article from 2004 about
> something that isn't enabled by default and is nothing to do with KDE
> dev... :)
> > > 1. You've given permission by explicitly enabling the "-X" option.
> > I may have given him permission by the "-X" but that's not what
> > I intended to do. I just wanted to have windows open locally.
> No you've explicitly made a machine to machine tunnel through all these
> firewalls you're talking about AND then said and now please forward X
> traffic between these machines too.
> You shouldn't be doing either of those steps against a machine you don't
> > People should be informed that they shouldn't do that.
> > I didn't at some point. The way it works is all very logical if you
> > think about it, but what about those who don't ... it's not that
> > obvious.
> It's off by default. You have to explicitly turn it on. The idea that
> people will be ssh'd into a remote box with X forwarding and doing their
> home banking is absurd.
> > Of course everything that happens on the remote machine is under his
> > control. Sniffing data and passwords that get to the remote machine in
> > clear text form.
> > But how would that compromise my local machine and
> > activities?
> > It's *my* version of the ssh client that's used and that one won't log
> > keystrokes and send them to Joe Hacker.
> No. If the remote machine is compromised then potentially the remote sshd
> is compromised too. That's not just *your* version of the ssh client that's
> used, anything your ssh client sends to the remote server is available
> unencrypted. Not only that but if you're ssh'd into the remote machine then
> no doubt you're going to be running programs there too? after all, why else
> would you be X forwarding? and any of those programs could be compromised.
> The X traffic is the least of your worries.
The problem here is, that if you have the compromised remote server, then y=
everything that YOUR client sends gets to the bad guy. Sure. But with X11
forwarding, he can do more, he can actively attack your computer, not just
passively hope you will send him something he may like. He can place a key
logger onto your local computer, he can take screenshots, he can do *A LOT*
more. The problem is, it is obvious to anyone that if he sends the password
there, then it is his will. But not many people would guess that if he
connects there and runs some programs, that the other programs on his local
can be screenshotted, killed, whatever. It says that if the remote machine is
compromised, then with X11 forwarding, your whole machine is compromised.
Furthermore, I believe that closed protocols and formats should be destroyed, just as