[14085] in bugtraq
Re: SSH & xauth
daemon@ATHENA.MIT.EDU (Brian)
Tue Feb 29 21:20:57 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000228150226.A19949@ruff.cs.jmu.edu>
Date: Mon, 28 Feb 2000 15:02:26 -0500
Reply-To: Brian <cazz@RUFF.CS.JMU.EDU>
From: Brian <cazz@RUFF.CS.JMU.EDU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Ok, just to make sure everyone completely understands my previous post
about SSH & xauth.
The whole issue is that by default the *SSH CLIENT* automagicly
requests xforwarding from the server if the client was run during an x
session.
The *entire* reason for the above post was NOT to alert people of a
new hole, just to make SSH users aware that by default the SSH Client
is set up to allow a trojanized server control of their x session.
This is more significant than trojanizing the SSH server. There is a
large amount of control given when X forwarding is on, far beyond the
control of just what goes on in that ssh terminal session.
For absolute security, a client should always give out trust in the
smallest portions available. Trusting X tunneling by default is not a
good idea, and should be turned off. As stated in previous postings,
if you must use X, use Xnest.
If this was unclear in my previous post to bugtraq, then I am sorry.
--
Brian Caswell <cazz@ruff.cs.jmu.edu>
I can levitate birds. Nobody cares. --- Steven Wright
