On Mon, 6 Jul 2015, Liam O'Toole wrote:
On 2015-07-05, Gordon Messmer > <gordon.messmer@xxxxxxxxx> wrote:
On 07/05/2015 04:51 AM, Liam O'Toole wrote:
At this point, I don't think it's even possible to set
ForwardX11Trusted=no any more. The X SECURITY extension was replaced
with "X Access Control Extension" several years ago.
The perceived difference was a general impression on my part, and not
measured scientifically. Moreover, it was formed years ago, and on a
variety of Linux systems. I concede that it may well be obsolete.
EL6:
ssh -X -o ForwardX11Trusted=no somehost xterm
<select some text in the window>
X Error of failed request: BadAccess (attempt to access private resource denied)
ssh -Y -o ForwardX11Trusted=no somehost xterm
<select some text in the window>
All well.
ssh -X -o ForwardX11Trusted=yes somehost xterm
<select some text in the window>
All well (unsurprising really, seeing as it means the same thing).
-X/-Y/ForwardX11Trusted still do exactly what they've always done, no?
You're trusting the remote host to not misbehave if you use -Y or
ForwardX11Trusted=yes since at the very least you're opening up a fairly large
information leakage to the remote host. That's fine if you do trust it, but
it really isn't if you don't, surely?
jh
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
