Re: SSH / X11 auth: needless complexity -> security problems?



> this feature was inherited from ossh and the reason was:
>       1) if $HOME is on NFS, then the cookie travels unencrypted
>          over the network, this defeats the purpose of X11-fwding
>       2) $HOME/.Xauthority gets polluted with temporary cookies.
> however, i'm not sure whether the benefit justifies the complexity,
> so this feature could be removed from future OpenSSH versions.

I cannot tell which is more important.  No wait, I can.

OK, let's do the home dir thing then.

In the NFS case, if someone is sniffing your NFS traffic you are
fucked from here to hell.