Alexander Gottwald <[EMAIL PROTECTED]> writes: >On Thu, 22 Apr 2004 [EMAIL PROTECTED] wrote: > >> What is the difference between "X11 forwarding" and "trusted X11 forwarding"? >> >> Why did the compatible X11 forwarding break? >> >> Why is it necessary to have a separate user interface? That is, why can't >> -X mean "Use trusted X11 forwarding if available, otherwise use >> compatible X11 forwarding" > >-Y means use trusted forwarding >-X means use untrusted forwarding > >the trusted means the X11 client has no access restrictions while a client in >untrusted mode has some access restrictions which result in some errors >which actually mean "access denied"
Yes, I looked at the release notes and man pages for OpenSSH, and they choose to break backwards compatibility in the name of security. That is the right choice, of course, unless... the users reaction is to restore the previous situation. Note that the Cygwin-X docs only mentions -X for older version of ssh, thus advising users to disable the new security feature. The real question here is why the X11 SECURITY extension disallows some of the operations that Mozilla wants to do. Are they really unsafe, or is the security specification overly restrictive?
