Urgent - Potential security hole.

Satish Balay balay at fastmail.fm
Sat Oct 30 15:54:35 UTC 2004



On Sat, 30 Oct 2004, Paul wrote:

> Hi,
> 
> I think I've found a hole!
> 
> I logged into this box from work yesterday via ssh, compiled Mono and
> some other bits then decided to try if I could run a C# app from this
> machine and view it at work.
> 
> I don't have X forwarding enabled and can see this by trying to run
> Firefox on this machine when logged into my son's box - firefox fails to
> run.
> 
> The C# application ran and I could use it at work.
> 
> I'm using the 643 kernel with everything updated. I'm not sure if this
> is a mono thing or X forwarding being broken. I'm using selinux
> targeted.
> 
> This could be a serious problem and I want to be sure before putting it
> into bugzilla as a blocker.

You mention 3 different machines: 'this box', 'work', 'son's box' - and
don't quantify any of them correctly. (Which OSes do they run?)

Older ssh by default does 'X11Forwarding' (so firefox should
work). The new version of ssh on FC3 requires the '-y' option to do the same.

If you ssh into FC3 (from a different machine with older ssh) - you
can run firefox.  If you ssh from FC3 into any other machine - you
need 'ssh -y' for it to work.

Note: this is an ssh client-side option.

Satish



