[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh X forwarding change in FC3



Hi,

The openssh change is totally broken, because none of the clients people
use work with "trusted X" and they could not reasonably be modified to
do so, without an effort on the scale of SELinux or even larger. The
fact that the X server even supports "trusted X" is probably total
nonsense.

So, anyone who claims that "trusted X" is more secure is basically
making a "concrete blocks not connected to the Internet are secure"
argument.

Maybe people who only run xterms would find the new ssh default useful,
but even they presumably like to cut and paste...

I don't know why the default is something that we know is useless and
doesn't work.

Havoc



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]