X11UseLocalhost option and the DISPLAY variable
Gert Doering
gert at greenie.muc.de
Fri Apr 12 18:13:37 EST 2002
Hi,
On Thu, Apr 11, 2002 at 11:25:03AM -0400, Ed Phillips wrote:
> I wasn't paying much attention when there was a lot of conversation about
> these issues. I recently ran into a problem where an X app won't run with
> OpensSSH 3.1p1's default "X11UseLocalhost yes" setting. If I run the X
> app with the display set to "localhost:16.0" it gets a "BadAccess" error,
> but if I run it with the display set to "127.0.0.1:16.0" or
> "realhostname:16.0" it works fine. Can someone please explain the
> boiled-down version of what's going on here and save me some trouble? Is
> there anything wrong with setting "X11UseLocalhost no" in sshd_config?
X11 connections are *really really* hairy for the general case.
One would expect that "it's always TCP so the IP address doesn't matter",
but that's not true - there are some optimizations in the code so that
(usually) "unix:0", ":0", "localhost:0" and "$hostname:0" (usually without
domain, though) are not done over TCP/IP but over some sort of local
connection mechanism, of which there are at least 4 (unix sockets, pty
connects, STREAMS connects for SCO and for ISC).
I assume that this "broken" application links some sort of X11 connection
library that knows only a few different variants, and for "localhost:16"
tries (e.g.) STREAMS while the OpenSSHd only offers TCP/IP and/or unix
sockets (guessing here), and doesn't fallback to one of the other
methods.
After reading the X11 sources (xc/lib/trans/Xtranslcl.c), I'm sure we
*really* do not want to emulate all this stuff...
Maybe the best way is to have the fallback to "X11UseLocalhost no"
for systems that need it, and then apply pressure to vendors to Not Do
Stupid Things (like "link in your private copy of LibX11.so").
NB: SCO Unix 3.2v4.2 needs "X11UseLocalhost no" as well. I am fairly
sure it comes due to X11 clients shortcutting from TCP/IP to STREAMS
connects (no unix sockets here), but can live with it...
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
More information about the openssh-unix-dev
mailing list