[Bug 3695] X11 forwarding via UNIX socket instead of 127.0.0.1
bugzilla-daemon at mindrot.org
Fri Aug 9 22:31:29 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3695
--- Comment #1 from kolAflash at kolahilft.de ---
Recent developments:
https://lwn.net/Articles/984838/
> 0.0.0.0 Day:
> Exploiting Localhost APIs From the Browser (Oligo Security)
Turns out Unix (Linux, macOS) also maps requests to 0.0.0.0/32 to 127.0.0.1.
WORKAROUND SSH:
Forward X via UNIX socket instead of IP. (bash code for Debian-12)
remote_disp="$(shuf -i1-10000 -n1)"   # random display number for the remote side
# Forward the local X socket (local display number = $DISPLAY without the leading ':')
# to a UNIX socket on the remote host; "${@}" are the usual ssh arguments (user@host ...).
# The remote shell gets DISPLAY pointed at that socket, which is removed on exit.
ssh -t -R "/tmp/.X11-unix/X${remote_disp}:/tmp/.X11-unix/X${DISPLAY:1}" "${@}" \
    env "DISPLAY=:${remote_disp}" bash -c "bash; rm -Iv /tmp/.X11-unix/X${remote_disp}"
WORKAROUND BROWSER:
I'm now running my browser in a cgroup that I deny access to these
addresses. (bash code)
# Start the browser in its own slice so its cgroup path is predictable.
systemd-run --user --scope --slice=no_localhost_net WEBBROWSER

# As root: reject TCP to loopback addresses coming from that cgroup.
# BROWSER_UID is the numeric id of the user running the browser (the sudo
# caller when run via sudo, otherwise the current user).
BROWSER_UID="${SUDO_UID:-$UID}"
CGROUP="user.slice/user-${BROWSER_UID}.slice/user@${BROWSER_UID}.service/no_localhost_net.slice"
for IP in 127.0.0.0/8 0.0.0.0/32; do
    iptables -A OUTPUT -p tcp --destination "$IP" -m cgroup --path "$CGROUP" -j REJECT
done
ip6tables -A OUTPUT -p tcp --destination ::1/128 -m cgroup --path "$CGROUP" -j REJECT
More information about the openssh-bugs mailing list