Untrusted X11 forwarding

I wrote a while ago about my security concerns regarding xhost + xterm -display mypc:0 Way back then, I suggested ssh tunnel. SSH is pretty easy to set up, by enabling the X11Forwarding option. In OpenSSH 3.8 release note, 2004, there was a new default . ssh(1) now uses untrusted cookies for X11-Forwarding In the […]

xhost + is a huge security hole

Maybe you have a firewall in your company, only your PC can access the production server, only you have the root password in prod, and your company spend a lot of money in security, but you dare using xhost +. This is a huge security hole, because it gives anyone access to your X resources, […]