Re: different machines, same environment?

Robert S. Thau (rst@ai.mit.edu)
Tue, 2 Nov 1999 13:36:38 -0500 (EST)


John Klassa writes:
> I guess my concern was that since my DISPLAY is :0.0, the communication
> to/from xterms (or whatever I start from my window manager menus) isn't
> being encrypted. When I ssh to another box and see that the DISPLAY is
> foobar:1.0 (for example), I know that what I'm getting is communication
> via an encrypted channel. When I see :0.0, I wonder.

I'm not sure I understand your threat model. True, ':0.0' doesn't
give you an encrypted connection. However, what it gives you is,
according to the X window system overview man page, "the most
efficient way of communicating to a server on the same machine".
Usually, this is a Unix-domain socket --- /tmp/.X11-unix/X0 or some
such thing. So, if you're worried about someone sniffing packets,
there's no need; the kernel's TCP system never even sees the data,
much less the Ethernet driver.

So, I'm not sure I see how an attacker might observe this data in
transit unless they can read kernel memory. But if they can do that,
then you're totally compromised anyway --- in particular, ssh's
encrypted wrappers around X are no help at all, because ssh ultimately
does have to make unencrypted connections to the X client and server
at the endpoints.

rst
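
Added example, not part of the original message: a simplified Python sketch of how a DISPLAY value maps to the transport the post describes (Unix-domain socket for `:0.0`, TCP for `host:N`). The function and type names are hypothetical, the sample values are constructed, and real Xlib handles more cases than this (protocol prefixes, other local transports).

```python
import re
from typing import NamedTuple

X11_SOCKET_DIR = "/tmp/.X11-unix"  # directory named in the post
X11_TCP_BASE = 6000                # display N is served on TCP port 6000 + N


class DisplayInfo(NamedTuple):
    transport: str        # "unix" or "tcp"
    endpoint: str         # socket path, or host:port
    via_tcp_stack: bool   # True when the bytes pass through the kernel's TCP code


# host may be empty; the display number is required, the screen is optional
_DISPLAY_RE = re.compile(r"^(?P<host>.*):(?P<display>\d+)(?:\.(?P<screen>\d+))?$")


def classify_display(value: str) -> DisplayInfo:
    """Map a DISPLAY string to the transport a client would use (simplified)."""
    m = _DISPLAY_RE.match(value)
    if m is None:
        raise ValueError(f"not a DISPLAY string: {value!r}")
    host, num = m.group("host"), int(m.group("display"))
    if host in ("", "unix"):
        # Local display: a Unix-domain socket, never seen by the TCP stack.
        return DisplayInfo("unix", f"{X11_SOCKET_DIR}/X{num}", False)
    # Any other host means a TCP connection; with ssh X forwarding the
    # listener on that port is the ssh daemon's proxy, which tunnels the data.
    return DisplayInfo("tcp", f"{host}:{X11_TCP_BASE + num}", True)


def describe(values):
    """Return one summary line per DISPLAY value."""
    lines = []
    for v in values:
        info = classify_display(v)
        lines.append(f"{v:<16} {info.transport:<5} {info.endpoint}")
    return lines


if __name__ == "__main__":
    # Constructed sample values: the two from the thread plus two variants.
    for line in describe([":0.0", "foobar:1.0", "unix:0", "localhost:10.0"]):
        print(line)
```
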