ssh X forwarding change in FC3
Havoc Pennington
hp at redhat.com
Sat Jan 8 06:45:39 UTC 2005
On Fri, 2005-01-07 at 17:30 -0500, Alan Cox wrote:
> On Fri, Jan 07, 2005 at 01:48:55PM -0500, Havoc Pennington wrote:
> > So, anyone who claims that "trusted X" is more secure is basically
> > making a "concrete blocks not connected to the Internet are secure"
> > argument.
>
> I'm not so sure. ssh Xnest's work well
>
True, I can imagine that working since Xnest presumably wouldn't access
anything outside of the Xnest window.
I'd still argue that the feature should be something like:
Panel -> Actions -> Log In to Remote Machine
Dialog asks for password if no authorized_keys
Xnest is launched on remote machine containing a desktop session
And the "trusted X" behavior should be turned on specifically for that
feature since we know it works, but still not by default. Same idea as
targeted SELinux policy.
Havoc
More information about the fedora-devel-list
mailing list