[PATCH] tcp-wrappers support extended to x11 forwards

Osmo Paananen odie at rotta.media.sonera.net
Wed Nov 28 18:35:59 EST 2001


> why should unix domain sockets be supported?  not all systems support
> them.

I haven't verified the need for this; I've been listening to comments on this
list related to the forwarded X11 ports.  I've understood that if you
use localhost:x.y as your display some (misbehaving) applications will break.

There are a few solutions that I can think of:
a) not use localhost as your display (perhaps a run time configuration option)
b) add support for ACLs in forwarded X11 ports (if they are not bound to localhost)
c) add support for forwarding unix domain sockets with X11
d) ignore the problem and blame broken software


Implementing both A and B would be a solution that would make me happy.

<dream>
If someone would implement C then it would be perfect.
I think that there are a few really badly behaving applications that use unix
domain sockets even if the display's destination is the local machine or one
of its network interfaces.

I haven't debugged those cases but the fact is that they don't work over
ssh forwarded connections.

</dream>

I'm happy to see that someone is working on this problem. Let's hope that
the result will be a safer and better OpenSSH.

-- 
  Osmo Paananen





More information about the openssh-unix-dev mailing list