SSH / X11 auth: needless complexity -> security problems?

James Ralston qralston+ml.openssh-unix-dev at andrew.cmu.edu
Sat Jun 9 06:20:09 EST 2001


On Wed, 6 Jun 2001, Markus Friedl posted the following to Bugtraq:

> this feature [placing the X11 cookie file in /tmp] was inherited
> from ossh and the reason was:
>       1) if $HOME is on NFS, then the cookie travels unencrypted
>          over the network, this defeats the purpose of X11-fwding
>       2) $HOME/.Xauthority gets polluted with temporary cookies.
> however, i'm not sure whether the benefit justifies the complexity,
> so this feature could be removed from future OpenSSH versions.

Please do not remove this feature.  On many of the systems I have to
access, I am in that exact same situation--my home directory is on
NFS, and I most emphatically DO NOT want my X11 cookies stored there.
Not only does doing so cause my cookies to cross the wire unencrypted,
but if I then su, I can't access the cookies without special pains
(because the NFS servers in question all map the client's root to
anonymous).

In fact, one of the (many) reasons I'm motivated to replace the rest
of our ssh.com servers with openssh servers is *because* I'll get rid
of ssh.com's "I'll just munge the .Xauthority file in your home
directory, mwa ha ha!" behavior.  Openssh's behavior is conceptually
cleaner, even if the price that is paid for it is careful attention to
the creation/deletion of the cookie file (and its containing
directory).

(There's also no real way I can implement the placement myself.  My
shell rc file automatically exports a TMPDIR value that it creates on
the fly using "mktemp -d", but openssh has to place the cookies file
before the shell is invoked...)

-- 
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
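
The message above notes that keeping the cookie file in /tmp requires careful creation and deletion of the file and its containing directory. The sketch below is an added example, not part of the original message and not OpenSSH's code; the struct, the function names and the /tmp/ssh-example-XXXXXX template are hypothetical.

```c
/* Added example (not OpenSSH code). The xauth_session struct, function names
 * and the /tmp/ssh-example-XXXXXX template are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* mkdtemp(), O_NOFOLLOW */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct xauth_session {
    char dir[64];   /* private per-session directory, mode 0700 */
    char file[96];  /* cookie file inside it, mode 0600 */
};

/* Create the directory and an empty cookie file. Returns 0 on success. */
int xauth_session_create(struct xauth_session *s)
{
    int fd;

    snprintf(s->dir, sizeof(s->dir), "/tmp/ssh-example-XXXXXX");
    if (mkdtemp(s->dir) == NULL)  /* random name, mode 0700, fails if it exists */
        return -1;
    snprintf(s->file, sizeof(s->file), "%s/cookies", s->dir);
    /* O_EXCL and O_NOFOLLOW refuse a file or symlink planted by someone else. */
    fd = open(s->file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) {
        rmdir(s->dir);
        return -1;
    }
    close(fd);
    return 0;
}

/* Remove the cookie file, then its directory. Returns 0 if both were removed. */
int xauth_session_cleanup(const struct xauth_session *s)
{
    int file_gone = unlink(s->file);
    int dir_gone = rmdir(s->dir);
    return (file_gone == 0 && dir_gone == 0) ? 0 : -1;
}

/* Permission bits of a path, or -1 if absent (lstat does not follow symlinks). */
int path_mode(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}
```

Because the directory is created before any user shell runs, this is work the server has to do itself, which is the point made in the final paragraph of the message.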