From the FreeBSD man page:

X11Forwarding
             Specifies whether X11 forwarding is permitted. The
             argument must be ``yes'' or ``no''.  The default is
             ``yes''.

From the NetBSD page:

X11Forwarding
             Specifies whether X11 forwarding is permitted. The
             argument must be ``yes'' or ``no''.  The default is
             ``no''.

I don't mean to compare apples and oranges, nor to start a "My OS can
kick your OS's butt" thread; but I am wondering about the
difference. It seems the NetBSD default is safer, but I am also no
security wonk. It occurred to me that the man page for FreeBSD could
be incorrect; but I doubt that...it actually strikes me as a choice
made to reflect a balance between options.

Is the default set to no a more secure option? Or is it something that
can be arguH^H^discussed at length?

I do note that the man page for both OSes states that UseLogin
defaults to no, and that if used, X11 forwarding is turned off.
However, in the default config file for sshd, the line for UseLogin is
commented out. Given this latter state of affairs, can I continue to
assume that X11 forwarding is in fact _not_ enabled by default in
FreeBSD?

Oh, and what is the difference between the entry in the ssh_config
file and the sshd_config file? Incoming vs. outbound traffic? That is,
sshd_config accepts incoming X11 forwarding (that is, from a remote
host, to the localhost), and ssh_config allows outbound (from the
localhost to a remote host) X11 forwarding? It sure looks that way...

Hmmm....now I'm thinking that this: serverargs="-nolisten tcp"

in /usr/X11R6/bin/startx/  may make this a bit of a moot point....is
this correct?

-- 
The George W. Bush Five Point Economic Recovery Plan:
              Hunt, Kill, Eat, Hump, Shit.
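
The following is an added example, not part of the original post. It resolves the value sshd would use for a keyword under the rules the post touches on: a commented-out line is ignored so the man page default applies, the first uncommented occurrence wins, and UseLogin yes turns X11 forwarding off. The function names, the sample file and the simplified parsing (whitespace-separated lines, global section only) are assumptions made for illustration.

```shell
#!/bin/sh
# effective_value FILE KEYWORD DEFAULT
# Prints the first uncommented value of KEYWORD in FILE, or DEFAULT
# (the default documented in the man page) when the keyword is absent
# or only present in commented-out lines.
# Assumption: "Keyword value" lines; parsing stops at the first Match block.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }            # keywords are case-insensitive
        NF == 0 || $1 ~ /^#/ { next }           # blank or commented-out line
        tolower($1) == "match" { exit }         # only the global section
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# x11_state FILE X11_DEFAULT
# Combines X11Forwarding with UseLogin: per the man page text quoted in
# the post, enabling UseLogin disables X11 forwarding.
x11_state() {
    x11=$(effective_value "$1" X11Forwarding "$2")
    login=$(effective_value "$1" UseLogin no)
    if [ "$x11" = yes ] && [ "$login" = yes ]; then
        echo no
    else
        echo "$x11"
    fi
}

# Constructed sample: both keywords present only as comments, as in the
# default config file the post describes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config fragment
#X11Forwarding yes
#UseLogin no
EOF

echo "man page default yes (FreeBSD): X11 forwarding = $(x11_state "$sample" yes)"
echo "man page default no  (NetBSD):  X11 forwarding = $(x11_state "$sample" no)"
```

On a host running a current OpenSSH, `sshd -T` prints the effective server settings directly.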