Re: X11 exploit info
Am Sonntag, 12. Februar 2006 12:02 schrieb Ivor Hewitt:
> It's off by default. You have to explicitly turn it on. The idea that people
> will be ssh'd into a remote box with X forwarding and doing their home
> banking is absurd.[/color]
Having an "ssh -X" tunnel up for doing some work that requires it,
then making a 5 minute break opening a browser *locally* for doing
homebanking is absurd?
> No. If the remote machine is compromised then potentially the remote sshd is
> compromised too. That's not just *your* version of the ssh client that's
> used, anything your ssh client sends to the remote server is available
I'm talking about the things my ssh client *doesn't* ever get to see
let alone send it to a compromised server counterpart, for example
passwords I enter in my locally running browser. This too can
be snooped if X11 forwarding is on (because the X11 API allows it
and "ssh -X" forwards the X11 requests).
> Not only that but if you're ssh'd into the remote machine then
> no doubt you're going to be running programs there too? after all, why else
> would you be X forwarding? and any of those programs could be compromised.[/color]
Sure, what these programs do *on the remote side* is under the control
of the admin/cracker. That's bad but it's not what I was talking about.
These programs cannot screw with my *local* activities if X11
forwarding is off.
>> Visit [url]http://mail.kde.org/mailman/listinfo/kde-devel#unsub[/url] to unsubscribe <<[/color][/color]