TrustX11Applications I don't trust you...
March 27, 2007 3:14 PM

How can I prove the ssh_config keyword TrustX11Applications is working?

I have been tasked with proving that the ssh client config keyword "TrustX11Applications" is doing what it's supposed to. Just a couple of problems with that....

1. I'm not 100% on what it is supposed to do (prevent rogue apps on the xserver from stealing input, etc)

2. I'm completely uncertain how to see the keyword in action. Any suggestions for an easy-to-set-up test that could validate this functionality? Bonus points if I can automate it completely from the command line.
posted by nomisxid to Computers & Internet (2 answers total)

SSH untrusted X11 uses the Security extension, which determines which things untrusted applications are and aren't allowed to do to trusted resources (so remember, an untrusted application can interfere with another untrusted application, even if it's from another host). Keyboard grabbing and such are also disallowed; check the spec for the full list.

The easiest way to check whether you're trusted or not is to try to modify the server access list with xhost; you'll get an error if you're not trusted. If you want something that doesn't change the server state if you do happen to be trusted, try listing the current server access list with just "xhost"; it'll give you the "access allowed from all hosts" message if you're on an untrusted connection. The drawback is that if your server is configured to be accessible from all hosts (either because of brain death on the part of the operator or because it's a single-user machine with X over TCP disabled), you'll get that message too.
posted by fvw at 3:39 PM on March 27, 2007

Best answer: I suppose a more foolproof method would be trying "xwd -root", which'll only work when xwd is trusted. That should be easy enough to script.
posted by fvw at 3:41 PM on March 27, 2007
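
The two probes from the answers above, combined into one scriptable check meant to be run inside the forwarded session. This is an added example, not part of the thread; the `XWD`/`XHOST` overrides, the verdict names and the `--expect` option are assumptions of this sketch. It lists the access list first so that a missing or unreachable display is not mistaken for an untrusted one.

```shell
#!/bin/sh
# Added example (not from the thread). Run it inside the forwarded session.
# XWD/XHOST overrides and the verdict names are assumptions of this sketch.
: "${XWD:=xwd}"
: "${XHOST:=xhost}"

# Print trusted, untrusted or no-display for the display in $DISPLAY.
x11_trust_level() {
    # Listing the access list changes no server state. If even this fails
    # there is no usable display, so a failing xwd would prove nothing.
    if [ -z "${DISPLAY:-}" ] || ! "$XHOST" >/dev/null 2>&1; then
        echo no-display
        return 0
    fi
    # Dumping the root window only works for a trusted client.
    if "$XWD" -root >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

# Exit status 0 only when the observed level equals the expected one,
# so the check can gate an automated test run.
expect_trust() {
    want=$1
    got=$(x11_trust_level)
    echo "expected=$want observed=$got"
    [ "$got" = "$want" ]
}

# Usage: sh x11trust.sh --expect untrusted
if [ "${1:-}" = "--expect" ]; then
    expect_trust "${2:?expected level missing}"
    exit $?
fi
```

Running it once over a connection configured as untrusted and once over one configured as trusted, and requiring `untrusted` and `trusted` respectively, shows whether the client setting actually changes what the forwarded applications are allowed to do.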
