X forwarding and BadWindow error
Sergio Gelato
Sergio.Gelato at astro.su.se
Sat Mar 20 10:03:35 EST 2004
* Andreas [2004-03-19 14:54:32 -0300]:
> Has anybody else experienced weird X11 forwarding problems such
> as the one below:
Yes. The problem is that OpenSSH 3.8 is trying to pioneer the use of the
X11 SECURITY extension, which has existed since 1996 but obviously
not received enough debugging attention so far.
> andreas at teste10:~> x3270
> X Error of failed request: BadWindow (invalid Window parameter)
> Major opcode of failed request: 3 (X_GetWindowAttributes)
> Resource id in failed request: 0x404372
What's that window x3270 is trying to get the attributes of? (xwininfo
might help.) Then either patch x3270 not to need this lookup, or launch
the ssh client with ForwardX11Trusted=yes.
If the opcode had been one of the X_*Property ones, you would have had
the option of allowing (or silently ignoring) the access attempt in the
SecurityPolicy file of your X server configuration. But I'm afraid that
X_GetWindowAttributes restrictions are hardwired (in the X server
implementations I have access to). There may be very good design reasons
for hardwiring them, too.
Advice: for the sake of ordinary users, set ForwardX11Trusted yes in
ssh_config. As a developer, you can turn it off in your ~/.ssh/config,
study what breaks, and try to help the maintainers of the affected
applications improve their SECURITY-compatibility so that maybe someday
we'll all be able to turn ForwardX11Trusted back off.
More information about the openssh-unix-dev
mailing list