[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: ssh X forwarding change in FC3

From: Havoc Pennington <hp redhat com>
To: Development discussions related to Fedora Core <fedora-devel-list redhat com>
Subject: Re: ssh X forwarding change in FC3
Date: Sat, 08 Jan 2005 01:45:39 -0500

On Fri, 2005-01-07 at 17:30 -0500, Alan Cox wrote:
> On Fri, Jan 07, 2005 at 01:48:55PM -0500, Havoc Pennington wrote:
> > So, anyone who claims that "trusted X" is more secure is basically
> > making a "concrete blocks not connected to the Internet are secure"
> > argument.
> 
> I'm not so sure. ssh Xnest's work well
> 

True, I can imagine that working since Xnest presumably wouldn't access
anything outside of the Xnest window.

I'd still argue that the feature should be something like:

  Panel -> Actions -> Log In to Remote Machine
  Dialog asks for password if no authorized_keys
  Xnest is launched on remote machine containing a desktop session

And the "trusted X" behavior should be turned on specifically for that
feature since we know it works, but still not by default. Same idea as
targeted SELinux policy.

Havoc

Follow-Ups:
- Re: ssh X forwarding change in FC3
  - From: Alan Cox

References:
- ssh X forwarding change in FC3
  - From: P
- Re: ssh X forwarding change in FC3
  - From: Havoc Pennington
- Re: ssh X forwarding change in FC3
  - From: Alan Cox

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]