> On 1/19/26 5:01 AM, Rich Pieri wrote: >> The X11 SECURITY extension allows you to mark X11 clients as trusted or >> untrusted. Development was abandoned in the 1990s because hardly anyone >> used it, but the code still lives in X.Org. Problem is, clients marked >> untrusted don't work as expected and often not at all. -Y says "forward >> X11 SECURITY trust". In practice it marks your X11 clients as trusted >> which bypasses the extension so that they work correctly. > > > So when I "ssh -X 10.1.2.3" (no "-Y") I'm not getting best "work as > expected"? I have never used "-Y" and X forwarding has worked well for > me, so I can live with that. > > But am I actually getting any security advantage by adding "-Y"? I > thought I saw someplace that "-Y" is (nearly?) a no-op.
I never looked too much into the mechanics of "-Y," but if you want to ssh into a mac and run an xapplication, you need the -Y. > > > Note, I don't run untrusted programs over X, but I also don't want to > trust all these "trusted" programs. Just because something is in an > official Debian package doesn't mean we should necessarily trust its > intentions. And it certainly doesn't mean we should trust its competence > (and so its relative invulnerability to exploit). > > I sure know that since I looked at a little of the sources to Dovecot I > very much want to get off of it, when I get the chance. > > -kb > > _______________________________________________ > Discuss mailing list > [email protected] > https://lists.blu.org/mailman/listinfo/discuss > _______________________________________________ Discuss mailing list [email protected] https://lists.blu.org/mailman/listinfo/discuss
