[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: X11 exploit info
From: Guillaume Laurent <glaurent () telegraph-road ! org>
Date: 2006-02-12 8:04:49
Message-ID: 200602120904.49745.glaurent () telegraph-road ! org
[Download RAW message or body]
On Sunday 12 February 2006 01:28, Christian Mueller wrote:
> >
> > There's this gem, too : "any time you SSH to another machine, that
> > machine's administrators could attack you".
> >
> > Thanks for the laugh, anyway.
>
> Why do you think this is funny?
Because this article claims to explain a fairly subtle problem that would
arise in circumstances where a much more obvious problem is already present.
It's like explaining you shouldn't fire up a Tesla coil in an explosive
atmosphere.
When you ssh to a machine which sysadmin is not trustworthy, then *anything*
on that machine is suspect. Including all the programs you will execute there
remotely, be it X clients or plain shell commands, and even the sshd you're
logging in through.
I agree the overall conclusion is still a good thing to know, but it's hardly
worth a whole article.
--
Guillaume.
http://www.telegraph-road.org
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic