From owner-cvs-all  Mon Feb 28 23:58:22 2000
Delivered-To: cvs-all@freebsd.org
Received: from grimreaper.grondar.za (dhcp43.iafrica.com [196.31.1.43])
	by hub.freebsd.org (Postfix) with ESMTP
	id DD86937BA83; Mon, 28 Feb 2000 23:58:11 -0800 (PST)
	(envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1])
	by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA29118;
	Tue, 29 Feb 2000 08:16:21 +0200 (SAST)
	(envelope-from mark@grimreaper.grondar.za)
Message-Id: <200002290616.IAA29118@grimreaper.grondar.za>
To: "Daniel O'Connor" <doconnor@gsoft.com.au>
Cc: Mark Murray <mark@grondar.za>, cvs-all@FreeBSD.org,
	cvs-committers@FreeBSD.org, Mark Murray <markm@FreeBSD.org>,
	Robert Watson <robert+freebsd@cyrus.watson.org>
Subject: Re: cvs commit: src/crypto/openssh auth-krb5.c auth-krb4.c auth- 
References: <XFMail.000229104324.doconnor@gsoft.com.au> 
In-Reply-To: <XFMail.000229104324.doconnor@gsoft.com.au> ; from "Daniel O'Connor" <doconnor@gsoft.com.au>  "Tue, 29 Feb 2000 10:43:24 +1030."
Date: Tue, 29 Feb 2000 08:16:20 +0200
From: Mark Murray <mark@grondar.za>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

> 
> On 28-Feb-00 Mark Murray wrote:
> >  At the moment, X11 forwarding is ON. I saw a convincing argument
> >  on bugtraq today for turning it off.
> 
> Care to share? I don't subscribe and I can't find an up to date archive :(
> (securityfocus is lagged a few days ):

If you have forwarding on, you run xauth on the other side. It's
eas{y|ier} to compromise that, and attack X with tunnelling. (In
a nutshell).

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message