[Info-vax] VSI strategy for OpenVMS
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Wed Sep 22 08:08:21 EDT 2021
On 2021-09-22, hb <end.of at inter.net> wrote:
> On 9/22/21 10:31 AM, Lawrence D?Oliveiro wrote:
>> On Friday, September 17, 2021 at 4:10:48 AM UTC+12, hb wrote:
>>
>>> "ssh -Y" works for me.
>>
>> Thereby allowing any process on the remote machine to connect back to your X server. And do things like capture screenshots and snoop on keystrokes and mouse clicks.
>>
>> This is one reason we are moving to Wayland now.
>>
>
> So you say the output of "Dev Prot" in
>
> Device WSA3:, device type DECwindows pseudo device, is online,
> record-oriented
> device, shareable.
>
> Error count 0 Operations completed
> 38
> Owner process "" Owner UIC
> [VMS,USER]
> Owner process ID 00000000 Dev Prot
> S,O:RWPL,G,W
> Reference count 1 Default buffer size
> 512
>
> is not what it pretends to be. (I have no other account on the system,
> so I can't try it. But I can set the protection to S,O,G,W and can't use
> the display myself. So I assumed no other process can use the device.)
Those protections have nothing to do with the issue at hand unfortunately.
In this case, Lawrence is absolutely correct. He is talking about issues
within the X protocol itself.
You should never, _ever_, use "ssh -Y" unless it enables functionality
you absolutely need and, if you need to use it on a network you do not
100% control and trust, then find another way instead. Seriously.
For me, I use "ssh -X" which is somewhat better.
Read the man page for ssh and any references it points you to as there
should be warnings in there about "ssh -Y".
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list