|
Lines 831-840
Users with the ability to bypass file pe
Link Here
|
| 831 |
(for the user's X authorization database) |
831 |
(for the user's X authorization database) |
| 832 |
can access the local X11 display through the forwarded connection. |
832 |
can access the local X11 display through the forwarded connection. |
| 833 |
An attacker may then be able to perform activities such as keystroke monitoring. |
833 |
An attacker may then be able to perform activities such as keystroke monitoring. |
|
|
834 |
.Pp |
| 835 |
For this reason, X11 forwarding is subjected X11 SECURITY extension |
| 836 |
restrictions by default. |
| 837 |
Please refer to the |
| 838 |
.Nm |
| 839 |
.Fl Y |
| 840 |
option and the |
| 841 |
.Cm ForwardX11Trusted |
| 842 |
directive in |
| 843 |
.Xr ssh_config 5 |
| 844 |
for more information. |
| 834 |
.It Fl x |
845 |
.It Fl x |
| 835 |
Disables X11 forwarding. |
846 |
Disables X11 forwarding. |
| 836 |
.It Fl Y |
847 |
.It Fl Y |
| 837 |
Enables trusted X11 forwarding. |
848 |
Enables trusted X11 forwarding. |
|
|
849 |
Trusted X11 forwardings are not subjected to the X11 SECURITY extension |
| 850 |
controls. |
| 838 |
.El |
851 |
.El |
| 839 |
.Sh CONFIGURATION FILES |
852 |
.Sh CONFIGURATION FILES |
| 840 |
.Nm |
853 |
.Nm |