Hi all,

I was investigating the security issues related to the forwarding of X
connections via ssh.  Under http://www.kleber.net/ssh/ssh-faq-7.html I
find that ssh does/did forward connections as root.

I tried to verify this information and did a "ssh -X somehost xterm" and
voila, indeed the xterm shows up as being executed as root.  Now after
some further poking around, I find that this is _not_ due to ssh (my
initial misinterpretation), but rather due to the simple fact that
"xterm" is setuid on the system.

Now I searched high and low, but the most informative postings regarding
this were in the 1997 September archives of netbsd-users; and that
information did not seem exhaustive or sufficient (at least not to me).

Could somebody reveal what the common consensus (aside from "don't use
xterm") is on this (and on forwarding X via ssh)?

TIA,
-Jan

-- 
http://www.netmeister.org
http://guinness.cs.stevens-tech.edu/~jschauma/