On Wed, 18 Oct 2006, Sam Morris wrote:
> > sshing to a compromised machine with X forwarding enabled is already a
> > big enough problem without adding root exploits.
> >
> > Don't ssh with X forwarding to an untrusted machine. Ever.
>
> The point is that I may trust the machine, it may have been compromised

Unfortunately if you cannot know for sure it was not compromised, all you can do to increase your attack surface is to never ssh with X forwarding to it. There are alternatives, such as vnc-like systems, which can (in theory) be made a lot safer than straight X11.

> Isn't the X11 security extension designed to help with these issues? But

Yep, but do you have it set to its strictest modes and declaring all other connections but the ones from your console as "untrusted"? Do you always use xterm in "secure keyboard mode" to type in passwords? I don't know many people who do either.

> anyway, you can't deny that this vulnerability increases a user's attack
> surface significantly. Especially since someone else pointed out that a

Indeed, it does. Give nVidia hell over their irresponsible instance on the issue. Drop nVidia graphics and start using the latest Intel stuff, or the older ATI stuff (ATIs that need proprietary drivers are even worse than nVidia), which have non-joke free software support, etc.

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
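
Added example, not part of the original message: a Python check that lists the sections of an OpenSSH client config that turn on X11 forwarding, the setting the reply above advises against for machines that may be compromised. The sample config and host names are constructed, and the check reports per-section settings only; it does not resolve how several `Host` patterns combine for one destination.

```python
import re

# Constructed sample of an OpenSSH client config; the host names are made up.
SAMPLE_CONFIG = """\
Host build.example.org
    ForwardX11 yes
    ForwardX11Trusted yes

Host legacy-gui
    # "Keyword=value" is accepted as well as "Keyword value"
    forwardx11=yes

Host *
    ForwardX11 no
"""

def parse_blocks(text):
    """Split ssh_config text into [(section, {keyword: value})] in file order."""
    blocks = [("(global)", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            blocks.append((value, {}))  # a new section starts here
        else:
            blocks[-1][1].setdefault(key, value.lower())  # first value wins
    return blocks

def audit_x11(text):
    """Return (section, finding) for every section that enables X11 forwarding."""
    findings = []
    for section, opts in parse_blocks(text):
        if opts.get("forwardx11") != "yes":
            continue
        trusted = opts.get("forwardx11trusted")
        if trusted == "yes":
            finding = "trusted forwarding: remote clients get full access to the display"
        elif trusted == "no":
            finding = "untrusted forwarding: X11 SECURITY extension restrictions apply"
        else:
            finding = "forwarding on, ForwardX11Trusted not set in this section"
        findings.append((section, finding))
    return findings

if __name__ == "__main__":
    for section, finding in audit_x11(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```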