OpenSSH Security Advisory: xauth command injection
Nico Kadel-Garcia
nkadel at gmail.com
Mon Mar 14 11:08:39 AEDT 2016
On Fri, Mar 11, 2016 at 9:15 AM, Dag-Erling Smørgrav <des at des.no> wrote:
> Nico Kadel-Garcia <nkadel at gmail.com> writes:
>> Dag-Erling Smørgrav <des at des.no> writes:
>> > Some OS distributions (FreeBSD, RHEL / CentOS, probably Fedora) have
>> > X11Forwarding enabled by default.
>> I'm not sure I see your point.
>
> With X11Forwarding off by default, one would assume that it is only
> enabled on a case-by-case basis for users or groups who already have the
> necessary privileges to run arbitrary code on the server and therefore
> have nothing to gain from exploiting this bug. With X11Forwarding on by
> default, it might remain enabled for e.g. gitolite users.
>
> DES
OK, right. gitolite and similar tools that use ForcCommand, such as
"svn+ssh" based setups or "rsnapshot" based backup setups should be
ideally, be publishing keys with Forcecommand and
no-port-forwarding,no-X11-forwarding,no-pty" options.
More information about the openssh-unix-dev
mailing list