[Bug 1464] "possible hijacking of X11-forwarded connections" bug has not been fixed completely
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue May 20 10:23:01 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1464
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
AssignedTo|bitbucket at mindrot.org |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> 2008-05-20 10:22:56 ---
Created an attachment (id=1504)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=1504)
Don't set SO_REUSEADDR for X11UseLocalhost=no
So this turns out to be a sysv stupidity. BSD derived systems perform a
permission check when attempting a bind() with SO_REUSEADDR set: if a
previous bind() to that port has been made, then additional bind()s to
the same port must come from the same user, or root. sysv-ish systems
(including Linux) lack this mechanism.
Since we can't rely on sane semantics, this patch turns off
SO_REUSEADDR when setting up the X11 listeners for non-loopback binds.
The downside of this is a greater likelihood of port exhaustion in the
range (6010-7009) that SSH is prepared to bind on, since ports in
TIME_WAIT will no longer be candidates for listeners.
Please test.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list