Date: Fri, 16 Feb 2001 15:34:15 -0800 From: Kris Kennaway <kris@obsecurity.org> To: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> Cc: Kris Kennaway <kris@obsecurity.org>, Stephen Montgomery-Smith <stephen@math.missouri.edu>, Randy Bush <randy@psg.com>, FreeBSD Stable <freebsd-stable@FreeBSD.ORG> Subject: Re: openssh not setting DISPLAY Message-ID: <20010216153415.A98116@mollari.cthul.hu> In-Reply-To: <33610000.982366319@pyanfar.ece.cmu.edu>; from allbery@ece.cmu.edu on Fri, Feb 16, 2001 at 06:31:59PM -0500 References: <20010216152317.A97818@mollari.cthul.hu> <33610000.982366319@pyanfar.ece.cmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Fri, Feb 16, 2001 at 06:31:59PM -0500, Brandon S. Allbery KF8NH wrote: > On Friday, February 16, 2001 15:23:17 -0800, Kris Kennaway <kris@obsecurity.org> wrote: > +----- > | It's not the default because it allows the remote system to snoop your > | X display, and that's not something you might want so we default to > | being secure. > +--->8 > > That's interesting, since the sshd manpage from openssh says: > > Note that disabling X11 forwarding does not improve secu > rity in any way, as users can always install their own for > warders. Yes, users are free to weaken the security of their session if they wish, but it's not done by default. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6jbj3Wry0BWjoQKURAnMcAJ4m2mFfHCvEKZwpsY+qUdbbJw7YRQCg3YcI avUgseyZPTn9kwUcpdLuNFg= =C/wA -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010216153415.A98116>