On Wed, Jun 09, 2004 at 09:10:15AM -0500, Chris Adams wrote: > Once upon a time, Havoc Pennington <hp@xxxxxxxxxx> said: > > Rather than the old XSECURITY extension we're looking at an > > SELinux-style approach that the NSA guys are working on, essentially > > changes all the hardcoded XSECURITY checks in the server into callouts > > to a configurable policy. > > This sounds like a Linux (or Linux with SELinux enabled) specific thing. > Will it integrate okay with non-Linux OpenSSH? non Linux X will be XSECURITY based for X11R6.x systems. You can also do the same trick by making ssh create an Xnest session when you get a forward.
