[CentOS] Problem with export X
William Hooper
whooperhsd3 at earthlink.net
Wed Apr 6 20:48:06 UTC 2005
Les Mikesell said:
> On Wed, 2005-04-06 at 07:12, William Hooper wrote:
>
>>>
>>> Read up on the new secret (poorly documented) ForwardX11Trusted
>>> options.
>>
>> I wouldn't call something in the FAQ poorly documented.
>>
>>
>> http://openssh.org/faq.html#3.13
>>
>
> There are probably at least a dozen people somewhere that might
> understand that paragraph, but I'm not one of them. What's the difference
> between a trusted and untrusted cookie, and why do I need to care now? (I
> think this relates to when -X works from the client and when -Y is
> necessary, but maybe not...).
As "man ssh_config" states "See the X11 SECURITY extension specification
for full details on the restrictions imposed on untrusted clients." This
is really an option that SSH passes to xauth.
Basically, untrusted X11 clients can't interact with trusted X11 clients.
This prevents your X session from being sniffed if the remote file
permissions aren't correct (or you don't trust the sysadmin).
While it sounds good in theory, in the real word it breaks just about
every X app. The luck apps refuse to start, the unlucky ones crash in the
middle of execution.
--
William Hooper
More information about the CentOS
mailing list