[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Xsecurity [was Re: OpenSSH Re: rawhide report: 20040608 changes]

From: Alan Cox <alan redhat com>
To: Chris Adams <cmadams hiwaay net>, Development discussions related to Fedora Core <fedora-devel-list redhat com>
Cc:
Subject: Re: Xsecurity [was Re: OpenSSH Re: rawhide report: 20040608 changes]
Date: Wed, 9 Jun 2004 10:36:18 -0400

On Wed, Jun 09, 2004 at 09:10:15AM -0500, Chris Adams wrote:
> Once upon a time, Havoc Pennington <hp redhat com> said:
> > Rather than the old XSECURITY extension we're looking at an
> > SELinux-style approach that the NSA guys are working on, essentially
> > changes all the hardcoded XSECURITY checks in the server into callouts
> > to a configurable policy.
> 
> This sounds like a Linux (or Linux with SELinux enabled) specific thing.
> Will it integrate okay with non-Linux OpenSSH?

non Linux X will be XSECURITY based for X11R6.x systems. You can also
do the same trick by making ssh create an Xnest session when you get
a forward.

References:
- rawhide report: 20040608 changes
  - From: Build System
- OpenSSH Re: rawhide report: 20040608 changes
  - From: Stephen Smoogen
- Xsecurity [was Re: OpenSSH Re: rawhide report: 20040608 changes]
  - From: Havoc Pennington
- Re: Xsecurity [was Re: OpenSSH Re: rawhide report: 20040608 changes]
  - From: Chris Adams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]