Re: Ulrich Flegel's SSH/X11 "vulnerability"

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Fri, 03 Oct 1997 21:18:54 +0100

> > provides a major security improvement by not sending the authorization
> > cookie or the X11 packets in the clear.
>
> For increased security, the XFree86 Xnest server can be used to protect
> your display. For example:
>
> Xnest :2 & xterm -display :2 -e slogin -l username remotehost

Xnest isn't ideal and there is a better system available now. XFree86 3.3
supports the Broadway extensions, and one aspect of that is the ability
to partition X clients into groups. It's used to do things like run untrusted
X apps in Netscape plugins. Each group has its own xauth and they can share
information. Have a look at xrx and Xsecurity in the X11R6.3 build tree.

In theory ssh could make use of the Xsecurity features.

Alan