On Wed, 18 Oct 2006 11:48:18 +0100, Dominic Hargreaves wrote:
> On Wed, Oct 18, 2006 at 10:42:05AM +0000, Sam Morris wrote:
>> On Tue, 17 Oct 2006 21:53:49 -0400, Noah Meyerhans wrote:
>> > However, as I read it,
>> > it sounds like you can only run arbitrary code if you are actually
>> > accessing the X server directly via a client. While this client can be
>> > local or remote, nobody is going to allow unauthenticated remote clients
>> > to access their X server, so this might not be so bad...
>>
>> I disagree. SSHing to a compromised host should not open the client
>> machine up to security vulnerabilities of this kind.
>
> Huh?
>
> sshing to a compromised machine with X forwarding enabled is already a
> big enough problem without adding root exploits.
>
> Don't ssh with X forwarding to an untrusted machine. Ever.

The point is that I may trust the machine, it may have been compromised without me finding out. I should not have to send the hackers who did it an email saying "ok fellas, you got me, here are all my root passwords".

> X is not a
> secure protocol and with access to your X server a program can wreak
> havoc on anything you do on that X server including capturing passwords
> and other sensitive data. It's not an issue specific to this
> vulnerability.

Isn't the X11 security extension designed to help with these issues? But anyway, you can't deny that this vulnerability increases a user's attack surface significantly. Especially since someone else pointed out that a Flash movie or Java applet could exploit the vulnerability (i.e., you don't need to use X11 forwarding to make the vulnerability into a remote one).

> Dominic.

--
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B C869 B219 7FDB 5EA0 1078