[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Urgent - Potential security hole.

From: Michal Jaegermann <michal harddata com>
To: For testers of Fedora Core development releases <fedora-test-list redhat com>
Subject: Re: Urgent - Potential security hole.
Date: Mon, 1 Nov 2004 14:25:20 -0700

On Mon, Nov 01, 2004 at 02:50:59PM -0500, Nalin Dahyabhai wrote:
> On Sat, Oct 30, 2004 at 11:06:13AM -0600, Michal Jaegermann wrote:
> > 
> > There is another problem, though. 'man ssh' says:
> > 
> >    X11 and TCP forwarding
> >      If the ForwardX11 variable is set to "yes" ...
 ...
> > and not a peep about some '-Y'.

> The short-and-probably-inadequate explanation is that untrusted clients
> can only interact/mess with other untrusted clients, the idea being that
> you have clients which might misbehave, and those that you trust to not.

What I can guess, rightly or wrongly, is another story. :-)  I just
pointed out that the current documentation for 'ssh' is somewhat, ah,
inadequte and even a bit misleading.  An explicit reference to other
sources you quote would undoubtely help; as also a word or two about
'-Y' in a subsection entitled "X11 and TCP forwarding".  I am also
not sure if I see right away an example when '-X' option would
be really useful with this version of ssh.  Maybe I do not have
a setup where I can see that?

   Michal

References:
- Re: Urgent - Potential security hole.
  - From: Nalin Dahyabhai

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]