[Bug 2636] Fix X11 forwarding, when ::1 is not configured

bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 10 09:59:53 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2636

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to Tomas Kuthan from comment #0)
[...]
> When this particular error is returned by bind, it is safe to
> continue with the next address returned by getaddrinfo(), because in
> that case there is no risk of forwarded X11 connections being
> hijacked (CVE-2008-1483).

No, there is still a risk, e.g. if the IPv6 loopback address is added
after a connection is made.

getaddrinfo w/AI_PASSIVE should not return non-existent addresses. 
Quoting RFC3493:

   If the AI_PASSIVE flag is specified, the returned address information
   shall be suitable for use in binding a socket for accepting incoming
   connections for the specified service (i.e., a call to bind()).

In this case the returned address is not suitable to bind because it'll
never work (unless you race bring up the interface).

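The strict alternative to skipping an unbindable address, as an added example (not OpenSSH's code and not part of the bug report): every address returned by getaddrinfo() with AI_PASSIVE must bind, otherwise the port is rejected and nothing stays bound. The names `bind_all_or_nothing` and `MAX_SOCKS` are assumptions made for this sketch.

```c
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_SOCKS 8   /* assumption: small fixed cap on returned addresses */

/* Bind and listen on EVERY address getaddrinfo(AI_PASSIVE) returns for
 * host:port. Returns the number of sockets stored in fds, or -1 if
 * resolution or any socket call fails (errno of that call is preserved).
 * On failure every socket opened so far is closed again. */
int bind_all_or_nothing(const char *host, const char *port, int *fds)
{
    struct addrinfo hints, *res, *ai;
    int n = 0, s = -1, on = 1, saved;

    memset(&hints, 0, sizeof(hints));   /* ai_family stays AF_UNSPEC */
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE;
    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        if (n == MAX_SOCKS)
            goto fail;
        if ((s = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol)) == -1)
            goto fail;
        /* Keep an IPv6 socket from also claiming the IPv4 address. */
        if (ai->ai_family == AF_INET6)
            setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on));
        /* No special case for EADDRNOTAVAIL: an address skipped now may
         * be configured later and bound by a different local process. */
        if (bind(s, ai->ai_addr, ai->ai_addrlen) == -1 || listen(s, 5) == -1)
            goto fail;
        fds[n++] = s;
        s = -1;
    }
    freeaddrinfo(res);
    return n;
fail:
    saved = errno;
    if (s != -1)
        close(s);
    while (n > 0)
        close(fds[--n]);
    freeaddrinfo(res);
    errno = saved;
    return -1;
}
```

A caller that gets -1 can report errno and try a different port instead of listening on a partial set of addresses.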