Re: [tlug] Securing X-Window Protocol

["Ian Wells" <ijw@example.com>]

On 16/02/06, Stephen J. Turnbull <
stephen@example.com> wrote:

    Ian> Seriously, though, if a program expects X *and something else
    Ian> as well* to be available on the machine, ssh can confuse the
    Ian> issue...

Your programs are always expecting something else to be available
... GNOME user, I guess?  What do they do if you just don't have the
hardware, kill your login process?  ;-)

Used to be, once, if not much nowadays. 

Yes, I suppose ssh confuses the issue if you think of sound as part of
your networked workstation.  Put

    RemoteForward 8010:localhost:8000

For a known server port, yes.  But still, there's something nice about just knowing that connecting to a different port on the same machine address gets you to the same machine...  NSS is one example, but anything else that X doesn't know about that is related to the physical location of the user's terminal would be an issue as well, and it's a reasonable argument for decently secured X rather than a third party tunnel.  (Of course, it violates the 'do one thing and do it well' Unix philosophy.)

Anyway, the original question was 'is it possible to secure the X protocol nowadays' and I suspect that without a third partry tunneller the answer is still 'no'...