zlacker

[return to "The Linux Security Circus: On GUI isolation"]
1. tshtf+q3[view] [source] 2011-04-23 23:38:18
>>wglb+(OP)
ssh with X11 forwarding (-X option) had this same problem. A privileged malicious user on the host you were ssh'ed into might be able to monitor the keystrokes of your whole X session.
◧◩
2. sciuru+Rm[view] [source] 2011-04-24 16:18:10
>>tshtf+q3
'-X' is supposedly the safe alternative to '-Y'. However, as a Cygwin/X maintainer says "this is widely considered to be not useful, because the Security extension uses an arbitrary and limited access control policy, which results in a lot of applications not working correctly and what is really a false sense of security"

http://cygwin.com/ml/cygwin-xfree/2008-11/msg00154.html

[go to top]