Re: Urgent - Potential security hole.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Satish Balay wrote:

On Sat, 30 Oct 2004, Paul wrote:

Hi,

I think I've found a hole!

I logged into this box from work yesterday via ssh, compiled Mono and
some other bits then decided to try if I could run a C# app from this
machine and view it at work.

I don't have X forwarding enabled and can see this by trying to run
Firefox on this machine when logged into my sons box - firefox fails to
run.

The C# application ran and I could use it at work.

I'm using the 643 kernel with everything updated. I'm not sure if this
is a mono thing or X forwarding being broken. I'm using selinux
targetted.

This could be a serious problem and I want to be sure before putting it
into bugzilla as a blocker.

You mention 3 different machines 'this box', 'work', 'sons box'. - and
don't quantify any of them correctly. (which OSes do they run?)

Older ssh by default does 'X11Forwarding' (so firefox should
work). New version of ssh on FC3 requires '-y' option to do the same.

If you ssh into FC3 (from a different machine with older ssh) - you
can run firefox.  If you ssh from FC3 into any other machine - you
need 'ssh -y' for it to work.

Note: this is ssh client side option.

Satish

I agree with Satish. Read the release notes for RC5. There is a section on openssh.

Bob


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]