[PATCH] tcp-wrappers support extended to x11 forwards
Osmo Paananen
odie at rotta.media.sonera.net
Fri Nov 30 18:16:13 EST 2001
> I you login to SystemB with X forwarding enabled to SystemA, then an
> attacker gets your fake cookie on SystemB, how do you propose to prevent
> him from running X programs and displaying on SystemA - even with the
> proposed X wrapper support? It doesn't seem stoppable, since you've
> enable forwarding for SystemB-to-SystemA, the attacker is logged into
> SystemB, and has your fake cookie...
ACL won't protect me in that case.
But without ACL the attack can come from host C which is not related to
A or B. The attacker doesn't have the fake cookie, but he may guess it
(by trying several times). I don't know how possible values there are for
the fake cookie. My guess is that there is a lot of them. That is why
this is not a big security hole.
Sure, the attack will be noisy and time consuming.
But still the hole is there. And there is no reason for it to be there.
--
Osmo Paananen
More information about the openssh-unix-dev
mailing list