<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Re: SSH / X11 auth: needless complexity -> security problems?

Re: SSH / X11 auth: needless complexity -> security problems?

From: Theo de Raadt <deraadt_at_cvs.openbsd.org>
Date: Fri, 08 Jun 2001 14:33:49 -0600

> this feature was inherited from ossh and the reason was:
> 1) if $HOME is on NFS, then the cookie travels unencrypted
> over the network, this defeats the purpose of X11-fwding
> 2) $HOME/.Xauthority gets polluted with temorary cookies.
> however, i'm not sure whether the benefit justifies the complexity,
> so this feature could be removed from future OpenSSH versions.

I cannot tell which is more important. No wait, I can.

OK, let's do the home dir thing then.

In the NFS case, if someone is sniffing your NFS traffic you are
fucked from here to hell.
Received on Jun 10 2001

This message: [ Message body ]
Next message: David F. Skoll: "RE: SECURITY.NNOV: Outlook Express address book spoofing"
Previous message: Peter W: "Re: Webtrends HTTP Server %20 bug (UTF-8)"
In reply to: Markus Friedl: "Re: SSH / X11 auth: needless complexity -> security problems?"
Next in thread: Dale Southard: "Re: SSH / X11 auth: needless complexity -> security problems?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos