[Bug 2552] New: ssh -X and "ForwardX11Trusted no" break most applications, distros turn on "ForwardX11Trusted yes"

bugzilla-daemon at bugzilla.mindrot.org
Mon Mar 14 13:19:42 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2552

            Bug ID: 2552
           Summary: ssh -X and "ForwardX11Trusted no" break most
                    applications, distros turn on "ForwardX11Trusted yes"
           Product: Portable OpenSSH
           Version: 7.2p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: pabs3 at bonedaddy.net
                CC: cjwatson at debian.org, jjelen at redhat.com

I'm not sure what severity this should be reported at, please adjust it
if you disagree with what I chose.

"ForwardX11Trusted no" breaks most applications (including causing
crashes in xterm when you select text). As a result, distributions (at
least Fedora & Debian) are patching ssh -X to work like ssh -Y by
turning on "ForwardX11Trusted yes". Some discussion of this issue is in
this Debian thread from last year:

https://lists.debian.org/debian-devel/2015/08/msg00316.html

It seems to me that this situation is not acceptable and that something
should change. The distros aren't going to budge because `ssh -X` is
extremely user-unfriendly right now, so I'm hoping the OpenSSH project
can help clear this logjam.

There are several possible solutions I can think of:

Fix every X11 application and toolkit to not crash when denied access.
I don't think this is feasible.

Switch every X11 application and toolkit to Wayland instead. This is
only slightly more feasible, since there will still be things like
xterm that need a complete rewrite.

Give an error when ssh -X is used or when "ForwardX11Trusted no" is set
in the configuration. This will force users to switch to learn about
the choice between unstable X11 forwarding or insecure X11 forwarding,
which they probably wouldn't be happy about. I don't know how the
distributions would react, but it probably wouldn't be good.

For ssh -X and "ForwardX11Trusted no", implement an X11 proxy that lies
to applications/toolkits about what they are allowed to do in order to
prevent them from crashing. This would probably convince the distros to
return to "ForwardX11Trusted no" by default. This could perhaps use
xpra if it is secure enough. Otherwise this is probably going to be a
lot of work to implement and test.

https://xpra.org/

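Whether a given client treats `ssh -X` as untrusted or as trusted (the `-Y` behaviour described in the report) can be read from the effective configuration that `ssh -G <host>` prints. The script below is an added example, not part of the bug report or of OpenSSH; the hostname, the sample outputs and the output labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify X11 forwarding from `ssh -G <host>` output.

# Reads `ssh -G` output on stdin and prints "<forwarding> <trust>":
#   forwarding: always-on | on-request (needs -X/-Y) | unknown
#   trust:      trusted (same as -Y) | untrusted | unknown
x11_summary() {
    awk '
        { key = tolower($1); val = tolower($2) }
        key == "forwardx11"        { fwd = val }
        key == "forwardx11trusted" { trust = val }
        END {
            f = "unknown"; t = "unknown"
            if (fwd == "yes") f = "always-on"
            else if (fwd == "no") f = "on-request"
            if (trust == "yes") t = "trusted"
            else if (trust == "no") t = "untrusted"
            printf "%s %s\n", f, t
        }'
}

# Constructed sample: relevant lines with the upstream default
# ("ForwardX11Trusted no").
sample_upstream_default() {
    cat <<'EOF'
hostname build01.example.org
forwardx11 no
forwardx11trusted no
EOF
}

# Constructed sample: relevant lines on a client whose default was
# changed to "ForwardX11Trusted yes", as the report describes.
sample_patched_default() {
    cat <<'EOF'
hostname build01.example.org
forwardx11 no
forwardx11trusted yes
EOF
}

# With host arguments, audit the real effective configuration.
for host in "$@"; do
    printf '%s: %s\n' "$host" "$(ssh -G "$host" 2>/dev/null | x11_summary)"
done
```

A result of `on-request trusted` means `ssh -X` to that host gets the same X11 access as `ssh -Y`; setting `ForwardX11Trusted no` for the host in `ssh_config` restores the untrusted behaviour.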