[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ssh X forwarding change in FC3



On Fri, 2005-01-07 at 17:30 -0500, Alan Cox wrote:
> On Fri, Jan 07, 2005 at 01:48:55PM -0500, Havoc Pennington wrote:
> > So, anyone who claims that "trusted X" is more secure is basically
> > making a "concrete blocks not connected to the Internet are secure"
> > argument.
> 
> I'm not so sure. ssh Xnest's work well
> 

True, I can imagine that working since Xnest presumably wouldn't access
anything outside of the Xnest window.

I'd still argue that the feature should be something like:

  Panel -> Actions -> Log In to Remote Machine
  Dialog asks for password if no authorized_keys
  Xnest is launched on remote machine containing a desktop session

And the "trusted X" behavior should be turned on specifically for that
feature since we know it works, but still not by default. Same idea as
targeted SELinux policy.

Havoc



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]