-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
My understanding so far is that normally X forwarding is defaulted to
untrusted. This limits the capabilities of the user so that they cannot
easily gather information from other windows handled by the X server (i.e.
keystroke monitoring, etc.). By using the "-Y" option the user is now able
to access things normally protected by the X server. This is notably
necessary to use Perl/TK over these connections. I guess this is because
Perl/TK is making calls that are normally protected by the X server.
My question is this. Is my description accurate?
Yes.
Also, why would they
let the clientside handle this and not provide an option on the serverside
to control the access privileges of the incoming users?
As you are trying to protect the X-Server on the SSH-clientside, the
SSH-serverside has to be regarded as untrusted.
Are there other regular instances where trusted X is necessary?
As you pointed out already trusted X forwarding is necessary if you run X
applications which won't work with untrusted X11 cookies.
Some X11 applications may start normally with an untrusted X cookie, but will
crash as soon as they try to access X resources not available to untrusted
clients later.
(E.g. an xterm with an untrusted cookie will crash if you try to cut'n'paste
to and from it. - At least it did when I checked last year. ;-) )
[BTW: For my GCIH practical I wrote a paper (http://snakeoil.de/gcih.pdf) about
how trusted X11-Forwarding can easily be exploited to gain access to the
SSH-clientside.]
Regards,
Holger
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCp0/3YEHA5g01Z74RApOWAKCkmCI0O3YgwgvSbJb25ukn8XIUgACeJWf8
370xfMaf++VPvSarAsOTzHw=
=x9HP
-----END PGP SIGNATURE-----
