[PATCH] tcp-wrappers support extended to x11 forwards

Osmo Paananen odie at rotta.media.sonera.net
Thu Nov 29 00:04:33 EST 2001


> > on this list related to the forwarded X11 ports.  I've understood
> > that if you use localhost:x.y as your display some (missbehaving)
> > applications will break.
> Have you actually verified this? and checked whether the 
> IPADDR_IN_DISPLAY workaround that we already have in place 
> (see channels.c) avoids it?

No, I haven't. And I think that the problem emerges only with some special
software so as administrator I would find the problem after the software has
been installed to hundreds of machines.

That is the main reason why I would like to have both options supported.
(localhost displays and support for tcpwrappers with * bound/specific ip
bound connections). Since everything works as they used to work, nothing more
should get broken.

I haven't got a list of applications which would break with localhost displays.
I personally have heard that one application doesn't work over forwareded connections
and I'm assuming that it is due to a broken application using unix domain sockets when
it's not supposed to do so.

Another reason why I haven't tested DISPLAY=localhost:x.y is that I haven't seen 
patch for portable version of the OpenSSH. (Even if I had, I probably would test
xterm and xemacs and notice that they work fine).

If localhost display patch gets included into OpenSSH I hope that it will be made
available as run time configuration option.

-- 
  Osmo Paananen 





More information about the openssh-unix-dev mailing list