
[return to "The Linux Security Circus: On GUI isolation"]
1. tshtf+q3 2011-04-23 23:38:18
>>wglb+(OP)
ssh with X11 forwarding (-X option) had this same problem. A privileged malicious user on the host you were ssh'ed into might be able to monitor the keystrokes of your whole X session.
2. teduna+o5 2011-04-24 00:53:58
>>tshtf+q3
Note that hasn't been true for years and years. -Y and -X are different.
3. rst+D6 2011-04-24 01:44:01
>>teduna+o5
So, trying again... here are the caveats on -X, from the man page on the current version[1]:

     -X      Enables X11 forwarding.  This can also be specified on a per-host
             basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             user's X authorization database) can access the local X11 display
             through the forwarded connection.  An attacker may then be able
             to perform activities such as keystroke monitoring.

So, it's not documented as being proof against hostile parties with root at the remote end; in fact, it's documented as being vulnerable...

[1] http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion...
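
An added example, not part of the thread or of OpenSSH: a small auditor that reports, for a given host, whether a client configuration file leaves X11 forwarding off, untrusted (what -X requests) or trusted (what -Y requests), the distinction raised in comments 2 and 3. It assumes the ssh_config options ForwardX11 and ForwardX11Trusted with upstream defaults of "no", skips Match blocks as a simplification, and runs on a constructed sample config with hypothetical host names.

```python
import fnmatch

# Assumed upstream OpenSSH defaults when an option appears nowhere in the file.
DEFAULTS = {"forwardx11": "no", "forwardx11trusted": "no"}

def host_matches(patterns, host):
    """ssh_config Host matching: a negated pattern that matches vetoes the block."""
    if any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:]) for p in patterns):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in patterns if not p.startswith("!"))

def effective_x11(config_text, host):
    """Return the X11 forwarding options that apply to `host`.
    The first value obtained wins; Match blocks are skipped (simplification)."""
    result, active = {}, True  # options before any Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False
        elif active and key in DEFAULTS and key not in result:
            result[key] = value.lower()
    return {**DEFAULTS, **result}

def classify(opts):
    if opts["forwardx11"] != "yes":
        return "off"
    return "trusted (-Y)" if opts["forwardx11trusted"] == "yes" else "untrusted (-X)"

# Constructed sample config with hypothetical hosts, not taken from the thread.
SAMPLE = """\
Host build-*.example.org !build-legacy.example.org
    ForwardX11 yes
Host jump.example.org
    ForwardX11=yes
    ForwardX11Trusted yes
Host *
    ForwardX11 no
"""

if __name__ == "__main__":
    for h in ("build-01.example.org", "build-legacy.example.org", "jump.example.org"):
        print(h, "->", classify(effective_x11(SAMPLE, h)))
```

Any host reported as anything other than "off" is one where the man page caveat quoted above applies to the remote end.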
