Bugtraq mailing list archives

Re: SSH / X11 auth: needless complexity -> security problems?


From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Fri, 08 Jun 2001 14:33:49 -0600

this feature was inherited from ossh and the reason was:
      1) if $HOME is on NFS, then the cookie travels unencrypted
         over the network, this defeats the purpose of X11-fwding
      2) $HOME/.Xauthority gets polluted with temporary cookies.
however, i'm not sure whether the benefit justifies the complexity,
so this feature could be removed from future OpenSSH versions.

I cannot tell which is more important.  No wait, I can.

OK, let's do the home dir thing then.

In the NFS case, if someone is sniffing your NFS traffic you are
fucked from here to hell.

