Re: X11 forward in F12

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tuesday 11 May 2010, Tim wrote:
>On Tue, 2010-05-11 at 14:43 -0700, Suvayu Ali wrote:
>> May I suggest using -Y instead of -X. Its supposed to be more secure.
>
>That's not clear from the man file:
>
>    -X      Enables X11 forwarding.  This can also be specified on a
> per-host basis in a configuration file.
>
>             X11 forwarding should be enabled with caution.  Users with the
>             ability to bypass file permissions on the remote host (for the
>             user’s X authorization database) can access the local X11
> display through the forwarded connection.  An attacker may then be able to
> perform activities such as keystroke monitoring.
>
>             For this reason, X11 forwarding is subjected to X11 SECURITY
>             extension restrictions by default.  Please refer to the ssh -Y
>             option and the ForwardX11Trusted directive in ssh_config(5)
> for more information.
>
>
>
>     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are
> not subjected to the X11 SECURITY extension controls.
>
>Looking at that, it sounds like -Y is subjected to less controls, even
>if it may have less of a flaw, in the first place.  It doesn't sound
>reassuring, either way.
>
If I can toss an oar in here, I have always used -Y, mainly because -X has 
never worked for me.  -Y is flawless as long as the user is the X user.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
As a goatherd learns his trade by goat, so a writer learns his trade by 
wrote.
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux