zlacker

[return to "The Linux Security Circus: On GUI isolation"]
1. tshtf+q3[view] [source] 2011-04-23 23:38:18
>>wglb+(OP)
ssh with X11 forwarding (-X option) had this same problem. A privileged malicious user on the host you were ssh'ed into might be able to monitor the keystrokes of your whole X session.
◧◩
2. teduna+o5[view] [source] 2011-04-24 00:53:58
>>tshtf+q3
Note that hasn't been true for years and years. -Y and -X are different.
◧◩◪
3. rst+G5[view] [source] 2011-04-24 01:03:23
>>teduna+o5
[deleted former mummery after five-minute fact-check]

Unfortunately, the documentation on -X and -Y is awfully confusing. On a casual read, it looks like -Y is less safe, since practically the only thing the docs for -Y say is that forwarded connections are "not subjected to X11 SECURITY extension controls"...

[go to top]