[Bug 2341] XQuartz X11 forwarding not working in OS X 10.10 Yosemite

bugzilla-daemon at bugzilla.mindrot.org
Mon Dec 19 16:06:04 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2341

--- Comment #23 from Darren Tucker <dtucker at zip.com.au> ---
Comment from Ron Frederick on openssh-unix-dev@
(https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-December/035584.html):

"""
Looking at this patch, it seems to me that it introduces a possible
exploit. The new code calls stat() on whatever string is set as the
display value, even before checking for display values that are meant
to refer to remote network hosts. If “ssh” is run in a directory
which happens to have a file/pipe/socket named to match one of those
network display values, this new code would return that it should
connect to this local socket rather than the remote host when doing the
forwarding.

While checking for “/tmp/launch” as a prefix is a problem now that
MacOS is putting these local sockets in paths starting with
“/private/tmp/com.apple.launchd”, I think this new code should at a
minimum require that the path start with a leading “/” before
treating it as a local socket and doing a stat() on it.
"""

Sorry but this is now too late for 7.4.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
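
The concern raised in the quoted comment, as an added example (not OpenSSH code and not the patch under discussion): a check that calls stat() on any display string is compared with one that first requires a leading "/". The function names, the scratch directory and the display value `remotehost.example:0` are constructed for illustration, and the S_ISSOCK test is an extra assumption beyond the minimum the comment asks for.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the comment warns about: stat() whatever the display value is.
 * A relative name such as "host:0" resolves against the current directory. */
static int naive_is_local_path(const char *display)
{
    struct stat sb;
    return stat(display, &sb) == 0;
}

/* Stricter check: only an absolute path is ever stat()ed, and (assumption
 * of this example) it must be a socket to count as a local display. */
static int checked_is_local_path(const char *display)
{
    struct stat sb;
    if (display == NULL || display[0] != '/')
        return 0;
    return stat(display, &sb) == 0 && S_ISSOCK(sb.st_mode);
}

/* Constructed scenario: the working directory holds a file whose name equals
 * a network display value. Returns naive | (checked << 1), or -1 on error. */
static int demo_display_collision(void)
{
    char dir[] = "/tmp/xdisp-demo-XXXXXX";
    const char *display = "remotehost.example:0"; /* constructed value */
    int fd, naive, checked;

    if (mkdtemp(dir) == NULL || chdir(dir) != 0)
        return -1;
    if ((fd = open(display, O_CREAT | O_WRONLY, 0600)) < 0)
        return -1;
    close(fd);
    naive = naive_is_local_path(display);     /* 1: treated as a local path */
    checked = checked_is_local_path(display); /* 0: still a network display */
    unlink(display);
    if (chdir("/") != 0 || rmdir(dir) != 0)
        return -1;
    return naive | (checked << 1);
}

int main(void)
{
    printf("result=%d\n", demo_display_collision());
    return 0;
}
```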
