ssh X forwarding change in FC3
P at draigBrady.com
P at draigBrady.com
Fri Jan 7 15:12:34 UTC 2005
David Kewley wrote:
> P at draigBrady.com wrote on Thursday 06 January 2005 09:47:
>
>>Essentially what this means is that most X applications will
>>break if forwarded back to a FC3 system with default config.
>>Now it wouldn't be so bad if they just wouldn't work.
>>They break in subtle ways usually related to mouse events.
>>This is just silly IMHO and will cause no end of hassles
>>for users trying to figure out what's going on and
>>also be a waste of time for developers of those X apps
>>who will receive bogus bug reports.
>>
>>So can we change the upstream default back to what it used to be?
>
> It's not just silly -- it reduces the size of a security hole. If X
> apps can be fixed to deal with running as an untrusted X client, then
> they should be fixed. If a given X app can't be run untrusted, I don't
> know what to suggest.
Well it was the failure mode I was describing as silly.
It seems to be most apps in my experience that have
the problem, so perhaps it would be appropriate/possible at the
toolkit level (in the gtk init routines for e.g.) to determine:
if (remote && untrusted)
exit with a reasonable error message
--
Pádraig Brady - http://www.pixelbeat.org
--
More information about the fedora-devel-list
mailing list