Date: Fri, 16 Feb 2001 15:58:21 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: openssh not setting DISPLAY Message-ID: <20010216155821.A6697@Odin.AC.HMC.Edu> In-Reply-To: <33610000.982366319@pyanfar.ece.cmu.edu>; from allbery@ece.cmu.edu on Fri, Feb 16, 2001 at 06:31:59PM -0500 References: <20010216152317.A97818@mollari.cthul.hu> <33610000.982366319@pyanfar.ece.cmu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
--h31gzZEtNLTqOjlF Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 16, 2001 at 06:31:59PM -0500, Brandon S. Allbery KF8NH wrote: > On Friday, February 16, 2001 15:23:17 -0800, Kris Kennaway <kris@obsecuri= ty.org> wrote: > +----- > | It's not the default because it allows the remote system to snoop your > | X display, and that's not something you might want so we default to > | being secure. > +--->8 >=20 > That's interesting, since the sshd manpage from openssh says: >=20 > Note that disabling X11 forwarding does not improve secu=AD > rity in any way, as users can always install their own for=AD > warders. There are two different programs with two different defaults. sshd defaults to enabling X11 forwarding because it does not decrease the security of the server, it just annoys the users. In the other hand I believe ssh (the client) defaults to disabling it because it gives root on any host you connect to with forwarding enabled the ability to launch arbitrary applications on your X server which is a security risk if you don't trust the server. The issues are entierly unrelated between the client and the server. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --h31gzZEtNLTqOjlF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6jb6cXY6L6fI4GtQRAtW+AJ9tB273bSj1eCD7S+oF8KPSFGnkjACfQgBj rQ9yPVrTBhxHuRTDb7VlYjw= =h/Cy -----END PGP SIGNATURE----- --h31gzZEtNLTqOjlF-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010216155821.A6697>