X11 forwards and libwrap support

Dan Astoorian djast at cs.toronto.edu
Thu Nov 15 03:15:28 EST 2001


On Wed, 14 Nov 2001 10:51:14 EST, Markus Friedl writes:
> 
> i think x11 fwd should either listen to the localhost
> or to all interfaces, but with x11/xauth this does not
> seem to work if DISPLAY points to localhost.
> 
> i'd prefer to have this fixed.

Remember that many X client implementations "optimize" by reverting to
the unix domain socket instead of TCP when the display name is
"localhost" (and/or when the IP address is 127.0.0.1).

> > How many applications would break if the tcp port
> > would be closed and only the unix-domain socket would be available?
> 
> i don't know. this would be nice. perhaps the x11 proxy
> code from x11 can give hints.

I don't know if it would be worthwhile for ssh's X11 forwarding to also
be able to use unix sockets instead of TCP, but it seems like rather a
can of worms just to provide functionality that's already there.

If unix domain sockets / loopback connections could be handled reliably,
an option analogous to GatewayPorts might make sense.

> > Another question: is it requirement that the forwarded X11 port is
> > bound to * instead of specific interface? 
> 
> xauth does not like DISPLAY=localhost:x.y

Doesn't like it, or just doesn't do what one might expect it to?

-- 
Dan Astoorian               People shouldn't think that it's better to have
Sysadmin, CSLab             loved and lost than never loved at all.  It's
djast at cs.toronto.edu        not, it's better to have loved and won.  All
www.cs.toronto.edu/~djast/  the other options really suck.    --Dan Redican


