Home page logo

bugtraq logo Bugtraq mailing list archives

Re: SSH / X11 auth: needless complexity -> security problems?
From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Fri, 08 Jun 2001 14:33:49 -0600

this feature was inherited from ossh and the reason was:
      1) if $HOME is on NFS, then the cookie travels unencrypted
         over the network, this defeats the purpose of X11-fwding
      2) $HOME/.Xauthority gets polluted with temorary cookies.
however, i'm not sure whether the benefit justifies the complexity,
so this feature could be removed from future OpenSSH versions.

I cannot tell which is more important.  No wait, I can.

OK, let's do the home dir thing then.

In the NFS case, if someone is sniffing your NFS traffic you are
fucked from here to hell.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]