--===============0802747208==
Content-Type: multipart/signed;
boundary="nextPart5513165.qQbnvBVF3p";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit

--nextPart5513165.qQbnvBVF3p
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On Sunday 12 February 2006 14:34, Dave Feustel wrote:
> On Sunday 12 February 2006 07:58, Christian Mueller wrote:
> > Anyway:
> > It works only if I log into that remote system with "ssh -X". =C2=A0I s=

aid
> > that the warning is justified and everyone here agreed that you mustn't
> > log into untrusted systems with "ssh -X".

>
> BTW, you have the same problem when you retrieve files from a CVS or SVN
> server using ssh.


That would only work if you had X11 forwarding enabled by default, which we=
=20
already agreed was a stupid idea to do.

There is no point in making up further examples when we already know what t=
he=20
two requirements are:

1) X11 forwarding enabled when ssh'ing into the remore host
2) a remote attacker having access to your .Xauthority file which either me=
ans=20
the attacker is having root privileges or your remote basic rights setup is=
=20
seriously broken

If you really want to increase safety in the cases where you absolutely nee=
d=20
to have X11 forwarding, run it in a different Xserver and a user with low=20
privileges.

Cheers,
Kevin

=2D-=20
Kevin Krammer
Qt/KDE Developer, Debian User
Moderator: www.mrunix.de (German), www.qtcentre.org

--nextPart5513165.qQbnvBVF3p
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBD7z9inKMhG6pzZJIRAqUHAJ0bBBHAlHSbwJudZ8JCUL EPSxVAzQCeJjnQ
F1CD7vHjttnwmh6tHlrSHxc=
=4Lef
-----END PGP SIGNATURE-----

--nextPart5513165.qQbnvBVF3p--

--===============0802747208==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<


--===============0802747208==--