Subject: Re: Ye Old Time Sharing System
From: (Rob Warnock)
Date: Thu, 25 Mar 2004 05:53:13 -0600
Newsgroups: comp.lang.lisp
Message-ID: <>
David Steuber  <> wrote:
| Another poster mentioned security as an issue.  Is it really a big deal?


| Assuming the user trusts the application server...

That's a *huge* assumption! What if the application server is hosting
applications written by others? What if some applications (e.g., really
cute games or dancing hipmunks, etc.) are Trojan Horsess?  What if...

| ...and the X11 protocol is being tunneled via SSH...

It's the application server (X client) end that's vulnerable. When "sshd"
opens the listening socket on the remote end, it can't stop *any* process
from connecting to it and getting a new tunnel to your X server. The only
recourse in that case is to use MIT-MAGIC-COOKIE-1 authentication or similar,
but that requires that that owner of the X server distribute auth cookies
to *every* application server it might want to receive X connections from.

| ...or RSH (can RSH do that?)

Nope, sorry.


Rob Warnock			<>
627 26th Avenue			<URL:>
San Mateo, CA 94403		(650)572-2607