Les Mikesell said:
On Wed, 2005-04-06 at 07:12, William Hooper wrote:
Read up on the new secret (poorly documented) ForwardX11Trusted options.
I wouldn't call something in the FAQ poorly documented.
There are probably at least a dozen people somewhere that might understand that paragraph, but I'm not one of them. What's the difference between a trusted and untrusted cookie, and why do I need to care now? (I think this relates to when -X works from the client and when -Y is necessary, but maybe not...).
As "man ssh_config" states "See the X11 SECURITY extension specification for full details on the restrictions imposed on untrusted clients." This is really an option that SSH passes to xauth.
Basically, untrusted X11 clients can't interact with trusted X11 clients. This prevents your X session from being sniffed if the remote file permissions aren't correct (or you don't trust the sysadmin).
While it sounds good in theory, in the real word it breaks just about every X app. The luck apps refuse to start, the unlucky ones crash in the middle of execution.