IETF-SSH archive
Re: New Proposal for Section 11.3.3 X11 Forwarding
On Thu, May 15, 2003 at 09:56:16AM -0400, RJ Atkinson wrote:
>
> On Thursday, May 15, 2003, at 00:20 America/Montreal, Nicolas Williams
> wrote:
> > Given (a) and (b) those magic cookies add no value ...
>
> This is consistent with my stated unhappiness with the text that
> was implying that those cookies did have security value.

Ah, sorry I misread your comment.

> We need text that is clear and accurate. I'm not exactly sure
> what that text looks like, unfortunately, or I'd propose a block
> of new text.

How about this?:

X11 display forwarding, by itself, is not sufficient to correct well
known problems with X11 security [Venema]. However, X11 display
forwarding in SSHv2 (or other, secure protocols), combined with
actual and pseudo-displays which accept connections only over local
IPC mechanisms authorized by permissions or ACLs, does correct most
X11 security problems.

It is RECOMMENDED that X11 display implementations default to
allowing display opens only over local IPC. It is RECOMMENDED that
SSHv2 server implementations that support X11 forwarding default to
allowing display opens only over local IPC. On single-user systems
it is reasonable to default to allowing local display opens over
TCP/IP.

Cheers,
Nico
--
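
An added example, not part of the original message or of any SSH implementation: a Python sketch that classifies a `DISPLAY` value as local IPC or TCP and applies the defaults the proposed text recommends. The simplified `DISPLAY` grammar, the category names and the function names are assumptions made for illustration; the code inspects only the display name a client would use, not what an X server actually listens on.

```python
# Added illustration; names and simplified DISPLAY grammar are assumptions.
# Grammar assumed: [protocol/][host]:display[.screen], or an absolute socket path.

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1", "[::1]"}
TCP_PROTOCOLS = {"tcp", "inet", "inet6"}


def classify_display(display):
    """Return 'local-ipc', 'tcp-loopback', 'tcp-remote' or 'invalid'."""
    if display.startswith("/"):
        return "local-ipc"               # socket-path form: a local endpoint
    target, sep, tail = display.rpartition(":")
    number, _, screen = tail.partition(".")
    if not sep or not number.isdigit() or (screen and not screen.isdigit()):
        return "invalid"
    proto, _, host = target.rpartition("/")
    proto, host = proto.lower(), host.lower()
    if proto in TCP_PROTOCOLS:
        if not host:
            return "invalid"             # TCP requested but no host named
    elif host in ("", "unix") or proto == "unix":
        return "local-ipc"               # ":0", "unix:0", "unix/:0", "host/unix:0"
    return "tcp-loopback" if host in LOOPBACK_HOSTS else "tcp-remote"


def default_allows(display, single_user=False):
    """Defaults from the proposed text: local IPC only; on a single-user
    system, local display opens over TCP/IP are also reasonable."""
    kind = classify_display(display)
    if kind == "local-ipc":
        return True
    if kind == "tcp-loopback":
        return single_user
    return False                         # remote TCP or unparseable: not a default


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    for sample in (":0", "unix:0.0", "localhost:10.0", "build01.example.org:0"):
        print(sample, classify_display(sample), default_allows(sample))
```
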