"possible hijacking of X11-forwarded connections" bug has not been fixed completely

施威 sway2004009 at hotmail.com
Fri May 16 14:57:00 EST 2008


Hi,

"comment out the  channel_set_reuseaddr(sock); " is exactly what i tried.
And it worked just fine, but i am not sure if it will cause some kind of side effects.  ...

i am not sure if  it will reduce the ports that could be used by sshd.


As for why the loopback address behaves differently, I think it is because of the following code.

            if (x11_use_localhost) {
                if (num_socks == NUM_SOCKS)
                    break;
            } else {
                break;
            }






> Date: Thu, 15 May 2008 22:08:15 +1000
> From: dtucker at zip.com.au
> To: sway2004009 at hotmail.com
> CC: openssh-unix-dev at mindrot.org
> Subject: Re: "possible hijacking of X11-forwarded connections" bug has not been fixed completely
> 
> On Thu, May 15, 2008 at 05:03:06PM +0800, 施威 wrote:
> > 
> > Hi OpenSSH team,
> >  
> > I am still able to reproduce this problem with openssh50 code both on hpux.
> > Seems like OpenSSH didn't fix this problem completely.
> >  
> > how to reproduce:
> [...]
> > I found that this problem could only happen when the "X11UseLocalhost
> > no" is set in the sshd_config.
> >  
> > I checked the code, found that there might be something wrong with the
> > "channel_set_reuseaddr(sock);" function which is called in the function
> > x11_create_display_inet in file channels.c
> 
> It looks like the semantics of SO_REUSEADDR are different between
> platforms.  From what I can gather, SysV based systems don't prevent
> processes with different uids from binding to the same port, whereas
> BSD and Linux based systems do.
> 
> I'm also curious about why the loopback interface behaves differently.
> 
> If you comment out the call, what difference does it make?  It will
> probably also prevent use of ports that are still in TIME_WAIT, so it
> may reduce the number of ports available to sshd.
> 
> Index: channels.c
> ===================================================================
> RCS file: /usr/local/src/security/openssh/cvs/openssh/channels.c,v
> retrieving revision 1.257
> diff -u -p -r1.257 channels.c
> --- channels.c	2 Apr 2008 21:43:57 -0000	1.257
> +++ channels.c	15 May 2008 11:36:34 -0000
> @@ -2901,7 +2901,7 @@ x11_create_display_inet(int x11_display_
>  					error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
>  			}
>  #endif
> -			channel_set_reuseaddr(sock);
> +			/* channel_set_reuseaddr(sock); */
>  			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
>  				debug2("bind port %d: %.100s", port, strerror(errno));
>  				close(sock);
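Review bot: disabling SO_REUSEADDR here for every platform costs Linux and BSD their TIME_WAIT port reuse for nothing, since (as the reply itself notes) those kernels already refuse a second bind on a listening port and the hijack does not apply there; the report also says only the X11UseLocalhost no case is affected. Consider keeping channel_set_reuseaddr(sock) when x11_use_localhost is set, or guarding the call with a platform define for the SysV-style semantics, and if the call does go, delete the line rather than leaving `/* channel_set_reuseaddr(sock); */` behind, with a comment recording why it was dropped.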
> 
> -- 
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
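To make the two behaviours argued about in this thread concrete (the second bind on a port sshd is already listening on, which the report says succeeds on HP-UX, and the TIME_WAIT port reuse that Darren expects to lose without SO_REUSEADDR), here is an added probe program. It is not OpenSSH code and was not posted by either participant. It assumes 127.0.0.1 and a kernel-chosen port in place of the 6000+display range, and keeps both sockets in one process, so it cannot reproduce the cross-uid part of the HP-UX report by itself; on Linux and BSD it reports that the second bind is refused with EADDRINUSE while rebinding the TIME_WAIT port does need SO_REUSEADDR.

```c
/* Added example, not OpenSSH code.  It probes, on the local kernel, the two
 * SO_REUSEADDR behaviours the thread argues about: (1) can a second socket
 * with SO_REUSEADDR bind a port another socket is already listening on (the
 * X11 display hijack: reported on HP-UX, refused with EADDRINUSE on Linux
 * and BSD), and (2) without SO_REUSEADDR, is a port left in TIME_WAIT
 * unbindable (the port loss Darren expects).  Assumption: 127.0.0.1 and a
 * kernel-chosen port stand in for 6000+display, and both sockets live in
 * one process; a real cross-uid test needs two users on the same host. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* TCP socket bound to 127.0.0.1:port (0 = kernel picks), SO_REUSEADDR set
 * when reuseaddr != 0.  Returns the fd, or -1 with errno preserved. */
static int bind_loopback(int port, int reuseaddr)
{
	struct sockaddr_in sin = { .sin_family = AF_INET,
	    .sin_port = htons((unsigned short)port) };
	int on = 1, e, fd = socket(AF_INET, SOCK_STREAM, 0);

	sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if (fd < 0)
		return -1;
	if ((reuseaddr &&
	    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on) < 0) ||
	    bind(fd, (struct sockaddr *)&sin, sizeof sin) < 0) {
		e = errno; close(fd); errno = e;
		return -1;
	}
	return fd;
}

static int bound_port(int fd)	/* port the kernel assigned to fd, or -1 */
{
	struct sockaddr_in sin;
	socklen_t len = sizeof sin;
	return getsockname(fd, (struct sockaddr *)&sin, &len) < 0 ? -1 : ntohs(sin.sin_port);
}

/* Scenario 1.  Returns 1 if the second bind succeeds (hijack possible),
 * 0 if it fails with EADDRINUSE, -1 on any other failure. */
int second_bind_while_listening(void)
{
	int a, b, port, rc = -1;

	if ((a = bind_loopback(0, 1)) < 0)
		return -1;
	if (listen(a, 5) == 0 && (port = bound_port(a)) > 0) {
		if ((b = bind_loopback(port, 1)) >= 0) {
			close(b);
			rc = 1;		/* another socket took the listening port */
		} else if (errno == EADDRINUSE)
			rc = 0;		/* kernel refused: the Linux/BSD behaviour */
	}
	close(a);
	return rc;
}

/* Scenario 2.  Open one loopback connection, close the server side first so
 * its port is left in FIN_WAIT/TIME_WAIT, then try to rebind that port.
 * Returns 1 if a plain bind fails with EADDRINUSE but a SO_REUSEADDR bind
 * succeeds, 0 if the plain bind succeeds, -1 on any other failure. */
int rebind_after_time_wait(void)
{
	struct sockaddr_in sin = { .sin_family = AF_INET };
	int lst, c = -1, s, port, fd;

	if ((lst = bind_loopback(0, 1)) < 0)
		return -1;
	port = bound_port(lst);
	sin.sin_port = htons((unsigned short)port);
	sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	if (port < 0 || listen(lst, 1) < 0 ||
	    (c = socket(AF_INET, SOCK_STREAM, 0)) < 0 ||
	    connect(c, (struct sockaddr *)&sin, sizeof sin) < 0 ||
	    (s = accept(lst, NULL, NULL)) < 0) {
		if (c >= 0) close(c);
		close(lst);
		return -1;
	}
	close(s);	/* active close on the server side: it, not the client, waits */
	close(c);
	close(lst);
	if ((fd = bind_loopback(port, 0)) >= 0) {
		close(fd);
		return 0;	/* no TIME_WAIT penalty observed */
	}
	if (errno != EADDRINUSE || (fd = bind_loopback(port, 1)) < 0)
		return -1;
	close(fd);
	return 1;		/* port was held; SO_REUSEADDR is what frees it */
}

int main(void)
{
	printf("second bind on listening port: %d (1 = hijack possible)\n",
	    second_bind_while_listening());
	printf("TIME_WAIT port needs SO_REUSEADDR: %d\n", rebind_after_time_wait());
	return 0;
}
```

Build it with `cc -o reuseprobe reuseprobe.c` and run it on the HP-UX box and on a Linux or BSD box to see the platform difference Darren describes; a 1 from the first line is the precondition for the hijack. To test the actual cross-uid case, split scenario 1 across two users: bind and listen as one uid, then attempt the second bind as another, because the reply's point is that SysV-style kernels stop refusing the second bind only when the uids differ.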



More information about the openssh-unix-dev mailing list