From 101c4a7bc96556d22ccf4c2095086353e4e61ca2 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 19 Sep 2002 11:51:21 +1000 Subject: - stevesk@cvs.openbsd.org 2002/09/16 20:12:11 [sshd_config.5] more details on X11Forwarding security issues and threats; ok markus@ --- ChangeLog | 5 ++++- sshd_config.5 | 31 ++++++++++++++++++++++++++++--- 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index aaadccdb..63bfc9f5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ - stevesk@cvs.openbsd.org 2002/09/16 19:55:33 [session.c] log when _PATH_NOLOGIN exists; ok markus@ + - stevesk@cvs.openbsd.org 2002/09/16 20:12:11 + [sshd_config.5] + more details on X11Forwarding security issues and threats; ok markus@ 20020912 - (djm) Made GNOME askpass programs return non-zero if cancel button is @@ -663,4 +666,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2467 2002/09/19 01:50:48 djm Exp $ +$Id: ChangeLog,v 1.2468 2002/09/19 01:51:21 djm Exp $ diff --git a/sshd_config.5 b/sshd_config.5 index 8d90785f..0944ba07 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.12 2002/09/04 18:52:42 stevesk Exp $ +.\" $OpenBSD: sshd_config.5,v 1.13 2002/09/16 20:12:11 stevesk Exp $ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os 
@@ -630,10 +630,35 @@ from interfering with real X11 servers. The default is 10. .It Cm X11Forwarding Specifies whether X11 forwarding is permitted. +The argument must be +.Dq yes +or +.Dq no . The default is .Dq no . -Note that disabling X11 forwarding does not improve security in any -way, as users can always install their own forwarders. +.Pp +When X11 forwarding is enabled, there may be additional exposure to +the server and to client displays if the +.Nm sshd +proxy display is configured to listen on the wildcard address (see +.Cm X11UseLocalhost +below), however this is not the default. +Additionally, the authentication spoofing and authentication data +verification and substitution occur on the client side. +The security risk of using X11 forwarding is that the client's X11 +display server may be exposed to attack when the ssh client requests +forwarding (see the warnings for +.Cm ForwardX11 +in +.Xr ssh_config 5 ). +A system administrator may have a stance in which they want to +protect clients that may expose themselves to attack by unwittingly +requesting X11 forwarding, which can warrant a +.Dq no +setting. +.Pp +Note that disabling X11 forwarding does not prevent users from +forwarding X11 traffic, as users can always install their own forwarders. X11 forwarding is automatically disabled if .Cm UseLogin is enabled. -- cgit v1.2.3
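Review bot: In the first sshd_config.5 hunk, the $OpenBSD$ id is bumped to v 1.13 but the page's `.Dd September 25, 1999` line in the trailing context is left untouched even though a whole new paragraph of security guidance is being added; mdoc readers and `man -w`-style tooling use `.Dd` as the document date, so it should be updated to the date of this change rather than left pointing at 1999.

Review bot: In the X11Forwarding hunk, the sentence "Additionally, the authentication spoofing and authentication data verification and substitution occur on the client side." is not parseable by a reader who does not already know what is being spoofed or substituted; it reads as a bare list of nouns with no subject. Spell out what it refers to (the handling of X11 authentication data, i.e. the xauth cookie, for the forwarded display, which ssh does on the client side), or drop it, since the following sentence already makes the point that the exposure is on the client's X11 display server. Two smaller points in the same hunk: "(see X11UseLocalhost below), however this is not the default." is a comma splice and would read better as two sentences ("... below). This is not the default."), and "may have a stance in which they want to protect clients" is wordy; "may wish to protect clients that would otherwise expose themselves to attack by unwittingly requesting X11 forwarding" says the same thing and keeps the `.Dq no` recommendation that follows.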