ssh X forwarding change in FC3

Havoc Pennington hp at redhat.com
Fri Jan 7 18:48:55 UTC 2005


Hi,

The openssh change is totally broken, because none of the clients people
use work with "trusted X" and they could not reasonably be modified to
do so, without an effort on the scale of SELinux or even larger. The
fact that the X server even supports "trusted X" is probably total
nonsense.

So, anyone who claims that "trusted X" is more secure is basically
making a "concrete blocks not connected to the Internet are secure"
argument.

Maybe people who only run xterms would find the new ssh default useful,
but even they presumably like to cut and paste...

I don't know why the default is something that we know is useless and
doesn't work.

Havoc




