[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: X11 exploit info
From:       Guillaume Laurent <glaurent () telegraph-road ! org>
Date:       2006-02-12 8:04:49
Message-ID: 200602120904.49745.glaurent () telegraph-road ! org
[Download RAW message or body]

On Sunday 12 February 2006 01:28, Christian Mueller wrote:
> >
> > There's this gem, too : "any time you SSH to another machine, that
> > machine's administrators could attack you".
> >
> > Thanks for the laugh, anyway.
>
> Why do you think this is funny?

Because this article claims to explain a fairly subtle problem that would 
arise in circumstances where a much more obvious problem is already present. 
It's like explaining you shouldn't fire up a Tesla coil in an explosive 
atmosphere.

When you ssh to a machine which sysadmin is not trustworthy, then *anything* 
on that machine is suspect. Including all the programs you will execute there 
remotely, be it X clients or plain shell commands, and even the sshd you're 
logging in through.

I agree the overall conclusion is still a good thing to know, but it's hardly 
worth a whole article.

-- 
Guillaume.
http://www.telegraph-road.org
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]