Is it securely: `hostname`:10 ?

Markus Friedl markus.friedl at informatik.uni-erlangen.de
Thu Mar 2 22:42:19 EST 2000


On Thu, Mar 02, 2000 at 09:09:38PM +1100, Damien Miller wrote:
> IIRC some broken Unices (references?) autodetect localhost:xx
> $DISPLAYs and start using shared memory to communicate.

the X lib is buggy:

>Path: news.uni-erlangen.de!uni-erlangen.de!newsfeed1.telenordia.se!algonet!uab.ericsson.se!erix.ericsson.se!per
>From: per at erix.ericsson.se (Per Hedeland)
>Newsgroups: comp.security.ssh
>Subject: Re: X forwarding works w/ some progs, not others
>Date: 16 Dec 1999 11:24:29 GMT
>Organization: Ericsson Utvecklings AB, Stockholm, Sweden
>Lines: 64
>Sender: per at aalborg (Per Hedeland)
>Message-ID: <83ai5d$65p$1 at news.du.uab.ericsson.se>
>References: <Pine.LNX.4.10.9912151933080.818-100000 at localhost.localdomain> <83abh4$mif$1 at pegasus.csx.cam.ac.uk>
>NNTP-Posting-Host: aalborg.du.uab.ericsson.se
>NNTP-Posting-User: per
>X-Newsreader: xrn 9.01
>Xref: news.uni-erlangen.de comp.security.ssh:12211

In article <83abh4$mif$1 at pegasus.csx.cam.ac.uk>,
 pjb1008 at cus.cam.ac.uk (Peter Benie) writes:
>In article <Pine.LNX.4.10.9912151933080.818-100000 at localhost.localdomain>,
>Steven A. Richman <on at yourNOSPAMPLEASEmom.com> wrote:
>>Programs that work include: emacs, xv, xcalc, x3270, xfontsel, xbiff,
>>acroread, xgremlin, xman, and xedit.
>>Programs that don't work include: xterm, xemacs, gv, netscape, xlogo,
>>xmag, xdvi... and most others.
>
>Another problem is that some X libraries are too clever and spot local
>displays and force the use of the UDP sockets in /tmp. Are some of your
>programs linked with different versions of the X libraries? If they are,
>check how the X client is trying to make the connection to the X server by
>running the client under strace. 

This is almost certainly the case (and has been mentioned a couple of
times before here - they aren't UDP sockets though). Recent versions of
Xlib from x.org (at least the one in X11R6.4) have an extremely
brain-dead "optimization" that does just this - totally disregarding the
fact that the semantics of DISPLAY=<hostname>:<display>[.<screen>] have
always been "use TCP", while you'd leave out the <hostname> part to
request connection via Unix domain socket / named pipe.

Steven wrote that sshd/X-client was on Solaris 7, I haven't tried it
there but the Xlib that ships with Solaris 2.6 while X11R6-based does
*not* have this problem - however if you've also installed the version
from x.org you get precisely this kind of mixed behaviour depending on
how the different clients were built (might even be dependent on
LD_LIBRARY_PATH etc settings at runtime).

Below is the patch I applied to my X11R6.4 installation to just get rid
of this nonsense - as libX11 is shared you "just" need to rebuild and
re-install it to fix all the broken clients in one sweep. (Unless you
have multiple broken versions installed, that is...:-) A workaround
would be to change the DISPLAY setting to use <IP-address>:x.y instead
of <hostname>:x.y - actually you can even get sshd to do that for you,
if you #define NONSTANDARD_IP_ADDRESS_X11_KLUDGE in config.h and
rebuild - not sure if that works in the old 1.2.22 though.

--Per Hedeland
per at erix.ericsson.se

--- X11R6.4/xc/lib/X11/ConnDis.c.ORIG	Fri Feb  6 23:12:07 1998
+++ X11R6.4/xc/lib/X11/ConnDis.c	Thu Oct 15 12:43:15 1998
@@ -177,6 +177,11 @@
 
     p = lastc;
 
+/* This is broken - no reason to assume there is anyone listening on
+   the named pipe or whatever just because it is listening on the TCP
+   socket. Plus it's broken even if that were true due to strncmp
+   potentially matching a substring of the display-hostname.  /Per H */
+#if 0
 #ifdef LOCALCONN
     /* check if phostname == localnodename */
     if (phostname && uname(&sys) >= 0 &&
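Review bot: The added `#if 0` wraps the existing `#ifdef LOCALCONN` check, so the hostname comparison stays in the file as dead code. The comment above it already records two defects (assuming a local listener exists, and the strncmp substring match), so deleting the block or gating it behind a named opt-in macro would state the intent more clearly than an anonymous `#if 0`. If `sys` in `uname(&sys)` is used only by this check, its declaration is now unused and should get the same guard. In the comment, "it is listening" has no clear antecedent; naming the X server would help.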
@@ -185,6 +190,7 @@
 	Xfree (phostname);
 	phostname = copystring ("unix", 4);
     }
+#endif
 #endif
 
 
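Review bot: The new `#endif` sits directly above the existing `#endif` with nothing to tell the two apart. Annotate them, for example `#endif /* 0 */` and `#endif /* LOCALCONN */`, so the nesting opened by the `#if 0` in the first hunk can be read here without scrolling back.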

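The transport choice discussed in the post, as an added C model (not code from the post, from Xlib, or from sshd): it contrasts the traditional reading of DISPLAY with a length-limited hostname match of the kind the patch comment criticises. The function names, the exact form of the prefix comparison, and the sample hostnames are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum transport { T_INVALID, T_LOCAL, T_TCP };

/* Traditional reading of DISPLAY=[host]:display[.screen]: an empty host
   (or the literal "unix") selects the local socket, any other host TCP. */
static enum transport classic_transport(const char *display)
{
    const char *colon = strrchr(display, ':');
    size_t hostlen;

    if (colon == NULL || colon[1] == '\0')
        return T_INVALID;
    hostlen = (size_t)(colon - display);
    if (hostlen == 0 || (hostlen == 4 && strncmp(display, "unix", 4) == 0))
        return T_LOCAL;
    return T_TCP;
}

/* Model of the "optimization": if the host part looks like this machine's
   node name, silently switch to the local socket. The comparison is limited
   to the length of the host part (assumed form), so a prefix also matches. */
static enum transport optimized_transport(const char *display, const char *nodename)
{
    enum transport t = classic_transport(display);
    size_t hostlen;

    if (t != T_TCP)
        return t;
    hostlen = (size_t)(strrchr(display, ':') - display);
    if (strncmp(display, nodename, hostlen) == 0)
        return T_LOCAL;   /* a TCP-only listener on that display is never reached */
    return T_TCP;
}

int main(void)
{
    static const char *names[] = { "invalid", "local", "tcp" };
    /* Constructed samples; "gateway" stands in for the uname() node name. */
    static const char *samples[] = { ":0", "gateway:10.0", "gate:10.0", "192.0.2.7:10.0" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s classic=%-7s optimized=%s\n", samples[i],
               names[classic_transport(samples[i])],
               names[optimized_transport(samples[i], "gateway")]);
    return 0;
}
```

The last sample row corresponds to the IP-address workaround mentioned in the post: a numeric host part never matches the node name, so the connection stays on TCP.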





More information about the openssh-unix-dev mailing list