No. Not really. You don't need root permissions to open a connection on port 6010ff (> 1024), so even if you would patch OpenSSH to remove this feature, users could still compile their own packages.
This is true, but there is no point in telling the daemon to not do it, and it does so anyway.
(And, in fact, X tunneling is far superiour to having users perform "xhost +" :-)
That's true. :-/
Best regards, Lutz
Thanks,
Roman.
--
- -
| Roman Drahtmüller