49 What are the issues about X11 through a firewall?
Description
This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.
49 What are the issues about X11 through a firewall?
The X Windows System is a very useful system, but unfortunately has some
major security flaws. Remote systems that can gain or spoof access to a
workstation's X display can monitor keystrokes that a user enters, download
copies of the contents of their windows, etc.
While attempts have been made to overcome them (E.g., MIT ``Magic Cookie'')
it is still entirely too easy for an attacker to interfere with a user's X
display. Most firewalls block all X traffic. Some permit X traffic through
application proxies such as the DEC CRL X proxy (FTP crl.dec.com). The
firewall toolkit includes a proxy for X, called x-gw, which a user can
invoke via the Telnet proxy, to create a virtual X server on the firewall.
When requests are made for an X connection on the virtual X server, the user
is presented with a pop-up asking them if it is OK to allow the connection.
While this is a little unaesthetic, it's entirely in keeping with the rest
of X.
Continue to:
My Books
