Xsecurity [was Re: OpenSSH Re: rawhide report: 20040608 changes]
Alan Cox
alan at redhat.com
Wed Jun 9 14:36:18 UTC 2004
On Wed, Jun 09, 2004 at 09:10:15AM -0500, Chris Adams wrote:
> Once upon a time, Havoc Pennington <hp at redhat.com> said:
> > Rather than the old XSECURITY extension we're looking at an
> > SELinux-style approach that the NSA guys are working on, essentially
> > changes all the hardcoded XSECURITY checks in the server into callouts
> > to a configurable policy.
>
> This sounds like a Linux (or Linux with SELinux enabled) specific thing.
> Will it integrate okay with non-Linux OpenSSH?
non Linux X will be XSECURITY based for X11R6.x systems. You can also
do the same trick by making ssh create an Xnest session when you get
a forward.
More information about the fedora-devel-list
mailing list