Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Trusted and Untrusted X

from [Don C Weber] Network Security [Permanent Link]
Subject: Trusted and Untrusted X
Date: Wed, 8 Jun 2005 10:27:16 -0500 
 Since version 3.8 OpenSSH has given the user the "-Y" option to enable
trusted X forwarding.  After reading the SSH documentation, the new SSH
O'reilly book, and the X man pages I am still confused as to what this is
actually giving the user or why they would let the user select this option.

   My understanding so far is that normally X forwarding is defaulted to
untrusted.  This limits the capabilities of the user so that they cannot
easily gather information from other windows handled by the X server (i.e.
keystroke monitoring, etc.).  By using the "-Y" option the user is now able
to access things normally protected by the X server.  This is notably
necessary to use Perl/TK over these connections.  I guess this is because
Perl/TK is making calls that are normally protected by the X server.

   My question is this.  Is my description accurate?  Also, why would they
let the clientside handle this and not provide an option on the serverside
to control the access privileges of the incoming users?  Are there other
regular instances where trusted X is necessary?

Thank you in advance,
Don
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Working out a OS X 10.4 Tiger ssh implementation issue, slow logins, Scott Haneda
Next by Date:  Re: Trusted and Untrusted X, Holger van Lengerich
Previous by Thread:  Help Building Standalone OpenSSH Binaries for the NT Platform, Victor B. Gonzalez
Next by Thread:  Re: Trusted and Untrusted X, Holger van Lengerich
Indexes:  [Date] [Thread] [Top] [All Lists]