Patch to add "warn" value to ForwardX11 and ForwardAgent
Dave Dykstra
dwd at bell-labs.com
Wed Oct 31 03:20:53 EST 2001

On Mon, Oct 29, 2001 at 11:35:57PM -0500, Jim Knoble wrote:
> Circa 2001-Oct-30 12:03:29 +1100 dixit Damien Miller:
>
> : On Mon, 29 Oct 2001, Dave Dykstra wrote:
> : > With "warn", you can still use forwarding even though you know a server is
> : > not very well secured, and you will be notified if someone does actually
> : > break into the server and try to take over the forwarding on your session.
> :
> : By which stage it is too late.
> :
> : What would be nicer is some way for the client to get the user to accept
> : / reject each forwarding request.

I considered that, and maybe it should still be an option, but it has some
problems:

    1. A forward request can come at any time and it could be very awkward
       to prompt in the middle of something that the user is typing into
       such as an editor.  A pop-up window is a possibility but I think
       that's over-engineering.
    2. I think it's much more likely that people will disable a prompt than
       a warning because it's too much pain for the normal case.  Having
       notification of a compromise is much better than nothing.

If it would help for the patch to be accepted, I will gladly add a fourth
value "ask", but I would still want the "warn" value.

> http://c.home.cern.ch/c/cons/www/mxconns/

Interesting, but not for the masses I don't think, particularly since it
isn't open source and the license doesn't allow use by businesses.

- Dave Dykstra