[Bug 1464] "possible hijacking of X11-forwarded connections" bug has not been fixed completely

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue May 20 10:23:01 EST 2008


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
             Status|NEW                         |ASSIGNED
         AssignedTo|bitbucket at mindrot.org       |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org>  2008-05-20 10:22:56 ---
Created an attachment (id=1504)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1504)
Don't set SO_REUSEADDR for X11UseLocalhost=no

So this turns out to be a sysv stupidity. BSD derived systems perform a
permission check when attempting a bind() with SO_REUSEADDR set: if a
previous bind() to that port has been made, then additional bind()s to
the same port must come from the same user, or root. sysv-ish systems
(including Linux) lack this mechanism.

Since we can't rely on sane semantics, this patch turns off
SO_REUSEADDR when setting up the X11 listeners for non-loopback binds.
The downside of this is a greater likelihood of port exhaustion in the
range (6010-7009) that SSH is prepared to bind on, since ports in
TIME_WAIT will no longer be candidates for listeners.

Please test.

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list