Re: Trusted and Untrusted X

From: Holger van Lengerich (
Date: 06/08/05

  • Next message: Nathan Jackson: "Re: client / OpenSSH server / RSA key auth"
    Date: Wed, 8 Jun 2005 22:07:19 +0200
    To: Don C Weber <>

    Hash: SHA1

    > My understanding so far is that normally X forwarding is defaulted to
    > untrusted. This limits the capabilities of the user so that they cannot
    > easily gather information from other windows handled by the X server (i.e.
    > keystroke monitoring, etc.). By using the "-Y" option the user is now able
    > to access things normally protected by the X server. This is notably
    > necessary to use Perl/TK over these connections. I guess this is because
    > Perl/TK is making calls that are normally protected by the X server.
    > My question is this. Is my description accurate?


    > Also, why would they
    > let the clientside handle this and not provide an option on the serverside
    > to control the access privileges of the incoming users?

    As you are trying to protect the X-Server on the SSH-clientside, the
    SSH-serverside has to be regarded as untrusted.

    > Are there other regular instances where trusted X is necessary?

    As you pointed out already trusted X forwarding is necessary if you run X
    applications which won't work with untrusted X11 cookies.

    Some X11 applications may start normally with an untrusted X cookie, but will
    crash as soon as they try to access X resources not available to untrusted
    clients later.
    (E.g. an xterm with an untrusted cookie will crash if you try to cut'n'paste
    to and from it. - At least it did when I checked last year. ;-) )

    [BTW: For my GCIH practical I wrote a paper ( about
    how trusted X11-Forwarding can easily be exploited to gain access to the

    Version: GnuPG v1.4.1 (GNU/Linux)

    -----END PGP SIGNATURE-----

  • Next message: Nathan Jackson: "Re: client / OpenSSH server / RSA key auth"