X11 forwards and libwrap support
Osmo Paananen
odie at rotta.media.sonera.net
Thu Nov 15 02:35:21 EST 2001
Hi!
Is there any reason why support for the libwrap code isn't included
in the X11 forwarding code? I'd like to restrict access to that
port.
How many applications would break if the tcp port
would be closed and only the unix-domain socket would be available?
It's true that x11 forwardings can be considered as a security
risk and they are disabled because of that by default.
I think that the risk can be made (a bit) smaller if there were
more controls available to restrict access to the forwarded ports.
Another question: is it requirement that the forwarded X11 port is
bound to * instead of specific interface?
Comments, suggestions?
--
Osmo Paananen
More information about the openssh-unix-dev
mailing list