[PATCH] tcp-wrappers support extended to x11 forwards

Kevin Steves stevesk at pobox.com
Thu Nov 29 09:46:25 EST 2001


On Wed, 28 Nov 2001, Osmo Paananen wrote:
:> On Wed, Nov 28, 2001 at 09:35:59AM +0200, Osmo Paananen wrote:
:> > b) add support for ACL's in forwarded X11 ports (if they are not bound to localhost)
:> the ACL is in the fake cookie.
:
:No. ACL controls the locations where the service can be accessed.
:The cookie is more like password, once you know it you are allowed
:to connect.

it's an authentication secret.  but i'm confused.  are you performing X to
the sshd fake X11 socket from remote hosts?  can you explain exactly what
security feature you are looking for and why you want it?




More information about the openssh-unix-dev mailing list