On Sun, 14 Jul 2002, Andreas Ehliar wrote: > I don't know exactly how the Security-extension works, but it would be nice > if you could tunnel X over ssh without worrying about wether the security of > the remote machine has been compromised. Right now such a tunnel could easily > be used to eavesdrop on your keyboard for example. > > Could the Security-extension be used to improve this?
After some thought I see the problem, so you probably know more about the security extension than I do. Since the tunnel isn't a single X client, it might not be easy to use the extension to tie the tunnel down. (Assuming that the extension works) you could start Xnest with no access to other clients, and run an ssh tunnel from the Xnest server instead of the main one. That ought to make Xnest into a sandbox for the compromised machine to play in. For all I know, there may be a way to config the security extension to block the tunnel. -- Dr. Andrew C. Aitchison Computer Officer, DPMMS, Cambridge [EMAIL PROTECTED] http://www.dpmms.cam.ac.uk/~werdna _______________________________________________ Xpert mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/xpert
