[CentOS] X11 problem with remote login via SSH
Paul Heinlein
heinlein at madboa.com
Wed Apr 28 20:45:20 UTC 2010
On Wed, 28 Apr 2010, Les Mikesell wrote:
>> ForwardX11Trusted yes
>
> Does anyone know what trusted actually means in this context?
>From the xauth(1) man page:
If the trusted option is used, clients that connect using this
authorization will have full run of the display, as usual. If
untrusted is used, clients that connect using this authorization
will be considered untrusted and prevented from stealing or
tampering with data belonging to trusted clients. See the SECURITY
extension specification for full details on the restrictions
imposed on untrusted clients. The default is untrusted.
Anecdotally, I've seen the mismatch symptoms most clearly when running
multipane applications. I *think* the dynamic is that one pane holds
keyboard/mouse focus, another pane cannot take it.
I haven't seen many folks come to the defense of the X Security
Extension, so I'm unsure if there's any real risk to enabling
ForwardX11Trusted anywhere you'd normally ForwardX11 anyway.
The reference document:
http://refspecs.freestandards.org/X11/security.pdf
--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
More information about the CentOS
mailing list