Jason Stelzer on 19 Aug 2010 10:50:28 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] X11 security

  • From: Jason Stelzer <jason.stelzer@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] X11 security
  • Date: Thu, 19 Aug 2010 13:50:21 -0400
  • Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=8iw92IKjG4+wVvl3YQqKb1jv4/DDVjg5tYosMPwJM3I=; b=UjNDu269+0LfT7a8KTzK18wsQqyL6G/LTbn7T7E/Tj7xeqPoppvXK2++XGwADthI6H 05jLY7KYW8+wtteAl8H0bksJ7KPyeFHTThqGfOyuJBs5Beh34DsHfWcBLii8T1AWqVhX 01DapSM/jxkiMerMiMixsGWe9iPH+dbN/fLrw=
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

Just so you're clear....

A while back openssh deprecated the old -X for -Y. The -Y implements
what the -X used to do in the first place. -X was updated to try and
restrict what X11 clients were permitted to do with limited success.

The new -X tries to use the 'security' feature of X11. It prohibits
windows from doing things like... looking at the contents of other
windows, etc. However, its adoption was very slow and thus we have the
-X or -Y option today.

X11 is probably my least favorite aspect of linux as a desktop. About
the only thing going for it these days is that nobody programs for it.
Most projects are using Qt or gtk or some other toolkit to stay as far
away from I39L as possible.

On Thu, Aug 19, 2010 at 1:38 PM, Joe Kisela <jkisela@gmail.com> wrote:
> @Jason Stelzer
> Ok, I'll take a look at that PDF, thanks.
> X11 is by default a very scary insecure implementation, once you have a
> client program drawing on the server, it has access to EVERY X11 atom. Thus
> the MIT magic cookie, and I will assume that the -Y takes this further.
> Again, thanks for the PDF
> -joe.
> ___________________________________________________________________________
> Philadelphia Linux Users Group     --    Âhttp://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion Â-- Â http://lists.phillylinux.org/mailman/listinfo/plug

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug