Re: [fw-wiz] X11 forwarding

From: David Lang (david.lang@digitalinsight.com)
Date: 08/23/02 

From: David Lang <david.lang@digitalinsight.com>
To: hermit921 <hermit921@yahoo.com>
Date: Fri Aug 23 20:23:01 2002

part of it will depend on what direction you are forwarding the X11
traffic.

I am also interested in the answer but would like to find out about it in
the following situations.

1. desktop in low security domain, server running the process in high
security domain (tcp connection made from high security domain to low
security domain)

2. desktop in high security domain, server running the process in low
security domain (tcp connection made from low security domain to high
security domain)

3. does it change anything if you are useing a X11 proxy that gets enabled
for each user on demand as opposed to leaving the port open all the time
(for example the FWTK x-gw started from tn-gw after strong authentication,
other firewall products have other methods)

David Lang

On Fri, 23 Aug 2002, hermit921 wrote:

> Date: Fri, 23 Aug 2002 10:07:21 -0700
> From: hermit921 <hermit921@yahoo.com>
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] X11 forwarding
>
> How much of a security problem is X11 forwarding? I see CERT recommends
> using a version that allows this to be turned off, but doesn't specifically
> recommend that X11 forwarding be disabled.
>
> Neil
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>