Jason Stelzer on 19 Aug 2010 10:50:28 -0700



Re: [PLUG] X11 security

  • From: Jason Stelzer <jason.stelzer@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] X11 security
  • Date: Thu, 19 Aug 2010 13:50:21 -0400
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

Just so you're clear....

A while back OpenSSH deprecated the old -X for -Y. The -Y implements
what the -X used to do in the first place. -X was updated to try and
restrict what X11 clients were permitted to do with limited success.

The new -X tries to use the 'security' feature of X11. It prohibits
windows from doing things like... looking at the contents of other
windows, etc. However, its adoption was very slow and thus we have the
-X or -Y option today.

X11 is probably my least favorite aspect of Linux as a desktop. About
the only thing going for it these days is that nobody programs for it.
Most projects are using Qt or gtk or some other toolkit to stay as far
away from I39L as possible.

On Thu, Aug 19, 2010 at 1:38 PM, Joe Kisela <jkisela@gmail.com> wrote:
> @Jason Stelzer
>
> Ok, I'll take a look at that PDF, thanks.
>
> X11 is by default a very scary insecure implementation, once you have a
> client program drawing on the server, it has access to EVERY X11 atom. Thus
> the MIT magic cookie, and I will assume that the -Y takes this further.
>
> Again, thanks for the PDF
>
> -joe.
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group     --    http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>
>



-- 
J.
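
To check which of the two forwarding modes discussed in this thread a client would actually use for a host, the effective settings can be read from `ssh -G`; in the OpenSSH client configuration, -X corresponds to `ForwardX11 yes` and -Y additionally to `ForwardX11Trusted yes`. The script below is an added example, not part of the original message: the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example; classify_x11 and audit_hosts are hypothetical helper names.

# Read `ssh -G <host>` output (effective client settings, one lowercase
# "keyword value" pair per line) on stdin and print the X11 forwarding mode:
#   off        no X11 forwarding
#   untrusted  like -X: forwarded clients run under the X11 SECURITY extension
#   trusted    like -Y: forwarded clients get full access to the display
#   unknown    input had no forwardx11 line (e.g. ssh failed)
classify_x11() {
    awk '
        $1 == "forwardx11"        { seen = 1; fwd = $2 }
        $1 == "forwardx11trusted" { trusted = $2 }
        END {
            if (!seen)                 print "unknown"
            else if (fwd != "yes")     print "off"
            else if (trusted == "yes") print "trusted"
            else                       print "untrusted"
        }'
}

# Print "host<TAB>mode" for each host alias given as an argument.
audit_hosts() {
    for h in "$@"; do
        printf '%s\t%s\n' "$h" "$(ssh -G "$h" 2>/dev/null | classify_x11)"
    done
}

# Constructed samples of the relevant `ssh -G` lines (not captured output).
SAMPLE_OFF='hostname build.example
forwardx11 no
forwardx11trusted no'
SAMPLE_UNTRUSTED='hostname lab.example
forwardx11 yes
forwardx11timeout 1200
forwardx11trusted no'
SAMPLE_TRUSTED='hostname desk.example
forwardx11 yes
forwardx11trusted yes'

for s in "$SAMPLE_OFF" "$SAMPLE_UNTRUSTED" "$SAMPLE_TRUSTED" ''; do
    printf '%s\n' "$s" | classify_x11
done
```

Against real hosts, `audit_hosts host1 host2` reports the mode ssh would use when no -X or -Y is given on the command line; `ssh -G` requires OpenSSH 6.8 or later.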