Urgent - Potential security hole.
Michal Jaegermann
michal at harddata.com
Mon Nov 1 21:25:20 UTC 2004
On Mon, Nov 01, 2004 at 02:50:59PM -0500, Nalin Dahyabhai wrote:
> On Sat, Oct 30, 2004 at 11:06:13AM -0600, Michal Jaegermann wrote:
> >
> > There is another problem, though. 'man ssh' says:
> >
> > X11 and TCP forwarding
> > If the ForwardX11 variable is set to "yes" ...
...
> > and not a peep about some '-Y'.
> The short-and-probably-inadequate explanation is that untrusted clients
> can only interact/mess with other untrusted clients, the idea being that
> you have clients which might misbehave, and those that you trust to not.
What I can guess, rightly or wrongly, is another story. :-) I just
pointed out that the current documentation for 'ssh' is somewhat, ah,
inadequte and even a bit misleading. An explicit reference to other
sources you quote would undoubtely help; as also a word or two about
'-Y' in a subsection entitled "X11 and TCP forwarding". I am also
not sure if I see right away an example when '-X' option would
be really useful with this version of ssh. Maybe I do not have
a setup where I can see that?
Michal
More information about the fedora-test-list
mailing list