Re: Ulrich Flegel's SSH/X11 "vulnerability"

alanLXORGUK.UKUU.ORG.UK

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Eivind Eklund: "Re: Possible weakness in LPD protocol"
• Previous message: John W. Temples: "Re: TCPwrappers race condition"
• In reply to: Robert Watson: "Re: Ulrich Flegel's SSH/X11 "vulnerability""
• Next in thread: Cy Schubert - ITSD Open Systems Group: "Re: Ulrich Flegel's SSH/X11 "vulnerability""

> > provides a major security improvement by not sending the authorization
> > cookie or the X11 packets in the clear.
>
> For increased security, the XFree86 Xnest server can be used to protect
> your display.  For example:
>
> Xnest :2 ; xterm -display :2 -e slogin -l username remotehost

Xnest isnt ideal and there is a better system available now. XFree86 3.3
supports the Broadway extensions, and one aspect of that is the ability
to partition X clients into groups. It's used to do things like run untrusted
X apps in netscape plugins. Each group has its own xauth and they can share
information. Have a look at xrx and Xsecurity in the X11R6.3 build tree.

In theory ssh could make use of the Xsecurity features.

Alan

• Next message: Eivind Eklund: "Re: Possible weakness in LPD protocol"
• Previous message: John W. Temples: "Re: TCPwrappers race condition"
• In reply to: Robert Watson: "Re: Ulrich Flegel's SSH/X11 "vulnerability""
• Next in thread: Cy Schubert - ITSD Open Systems Group: "Re: Ulrich Flegel's SSH/X11 "vulnerability""