Bugtraq mailing list archives

Re: SSH & xauth


From: cazz () RUFF CS JMU EDU (Brian)
Date: Mon, 28 Feb 2000 15:02:26 -0500


Ok, just to make sure everyone completely understands my previous post
about SSH & xauth.

The whole issue is that by default the *SSH CLIENT* automagically
requests X forwarding from the server if the client was run during an X
session.

The *entire* reason for the above post was NOT to alert people of a
new hole, just to make SSH users aware that by default the SSH Client
is set up to allow a trojanized server control of their X session.

This is more significant than trojanizing the SSH server.  There is a
large amount of control given when X forwarding is on, far beyond the
control of just what goes on in that ssh terminal session.

For absolute security, a client should always give out trust in the
smallest portions available.  Trusting X tunneling by default is not a
good idea, and should be turned off.  As stated in previous postings,
if you must use X, use Xnest.

If this was unclear in my previous post to bugtraq, then I am sorry.

--
Brian Caswell <cazz () ruff cs jmu edu> 
I can levitate birds. Nobody cares.  --- Steven Wright


