Bug 162920

Summary: xinerama breaks untrusted remote X11 clients via ssh forwarding
Product: [Fedora] Fedora Reporter: long
Component: xorg-x11Assignee: X/OpenGL Maintenance List <xgl-maint>
Status: CLOSED NOTABUG QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 4   
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-07-12 10:38:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description long 2005-07-11 17:27:44 UTC 
Description of problem:


Using an ATI Radeon X300 with two monitors connected.  If I do NOT enable
xinerama then all of my remote X11 clients that are forwarded via ssh work
normally.  If I enable xinerama then all of my remote X11 clients fail, most of
the time they appear to hang.  If I use 'ssh -Y' to connect to the remote
system(s) then the X11 clients work normally again.  So I'm not sure if this is
a bug or by design.  Here is my xorg.conf:

# Xorg configuration created by system-config-display

Section "ServerLayout"
	Identifier     "Multihead layout"
	Screen      0  "Screen0" RightOf "Screen1"
	Screen      1  "Screen1" 0 0
	InputDevice    "Mouse0" "CorePointer"
	InputDevice    "Keyboard0" "CoreKeyboard"
	Option	    "Xinerama" "on"
	Option	    "Clone" "off"
EndSection

Section "Files"
	RgbPath      "/usr/X11R6/lib/X11/rgb"
	ModulePath   "/usr/X11R6/lib/modules"
	FontPath     "unix/:7100"
#	FontPath     "/usr/X11R6/lib/X11/fonts/misc/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/TTF/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/Type1/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/CID/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/75dpi/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/100dpi/"
EndSection

Section "Module"
	Load  "record"
	Load  "extmod"
	Load  "fbdevhw"
	Load  "vnc"
	Load  "xtrap"
	Load  "dbe"
	Load  "glx"
	Load  "type1"
	Load  "freetype"
	Load  "dri"
EndSection

Section "InputDevice"
	Identifier  "Keyboard0"
	Driver      "kbd"
EndSection

Section "InputDevice"

#	Option	    "Protocol" "auto"
	Identifier  "Mouse0"
	Driver      "mouse"
	Option	    "Protocol" "IMPS/2"
#	Option	    "Device" "/dev/mouse"
	Option	    "Device" "/dev/input/mice"
        Option      "ZAxisMapping" "4 5"
EndSection

Section "Monitor"

	#DisplaySize	  410   310	# mm
	Identifier   "Monitor0"
	VendorName   "DEL"
	ModelName    "DELL 2001FP"
	HorizSync    31.0 - 80.0
	VertRefresh  56.0 - 76.0
	Option	    "DPMS"
EndSection

Section "Monitor"
	Identifier   "Monitor1"
	VendorName   "Monitor Vendor"
	ModelName    "Dell P991"
	HorizSync    30.0 - 107.0
	VertRefresh  48.0 - 120.0
	Option	    "dpms"
EndSection

Section "Device"

        ### Available Driver options are:-
        ### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
        ### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
        ### [arg]: arg optional
        #Option     "NoAccel"            	# [<bool>]
        #Option     "SWcursor"           	# [<bool>]
        #Option     "Dac6Bit"            	# [<bool>]
        #Option     "Dac8Bit"            	# [<bool>]
        #Option     "BusType"            	# [<str>]
        #Option     "CPPIOMode"          	# [<bool>]
        #Option     "CPusecTimeout"      	# <i>
        #Option     "AGPMode"            	# <i>
        #Option     "AGPFastWrite"       	# [<bool>]
        #Option     "AGPSize"            	# <i>
        #Option     "GARTSize"           	# <i>
        #Option     "RingSize"           	# <i>
        #Option     "BufferSize"         	# <i>
        #Option     "EnableDepthMoves"   	# [<bool>]
        #Option     "EnablePageFlip"     	# [<bool>]
        #Option     "NoBackBuffer"       	# [<bool>]
        #Option     "PanelOff"           	# [<bool>]
        #Option     "DDCMode"            	# [<bool>]
        #Option     "MonitorLayout"      	# [<str>]
        #Option     "IgnoreEDID"         	# [<bool>]
        #Option     "UseFBDev"           	# [<bool>]
        #Option     "VideoKey"           	# <i>
        #Option     "MergedFB"           	# [<bool>]
        #Option     "CRT2HSync"          	# [<str>]
        #Option     "CRT2VRefresh"       	# [<str>]
        #Option     "CRT2Position"       	# [<str>]
        #Option     "MetaModes"          	# [<str>]
        #Option     "MergedDPI"          	# [<str>]
        #Option     "NoMergedXinerama"   	# [<bool>]
        #Option     "MergedXineramaCRT2IsScreen0" 	# [<bool>]
        #Option     "DisplayPriority"    	# [<str>]
        #Option     "PanelSize"          	# [<str>]
        #Option     "ForceMinDotClock"   	# <freq>
        #Option     "RenderAccel"        	# [<bool>]
        #Option     "SubPixelOrder"      	# [<str>]
        #Option     "ShowCache"          	# [<bool>]
        #Option     "DynamicClocks"      	# [<bool>]
	Identifier  "Card0"
	Driver      "radeon"
	VendorName  "ATI Technologies Inc"
	BoardName   "ATI Radeon X300"
	BusID       "PCI:1:0:0"
	Option      "NoMergedXinerama" "true"
EndSection

Section "Device"
	Identifier  "Videocard1"
	Driver      "radeon"
	VendorName  "Videocard Vendor"
	BoardName   "ATI Radeon X300"
	BusID       "PCI:1:0:0"
	Screen      1
	Option      "NoMergedXinerama" "true"
EndSection

Section "Screen"
	Identifier "Screen0"
	Device     "Card0"
	Monitor    "Monitor0"
	DefaultDepth     24
	SubSection "Display"
		Viewport   0 0
		Depth     1
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     4
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     8
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     15
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     16
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     24
		Modes    "1600x1200" "1400x1050" "1280x960" "1280x800" "1280x1024" "1152x864"
"1024x768" "800x600" "640x480"
	EndSubSection
EndSection

Section "Screen"
	Identifier "Screen1"
	Device     "Videocard1"
	Monitor    "Monitor1"
	DefaultDepth     24
	SubSection "Display"
		Viewport   0 0
		Depth     24
		Modes    "1600x1200"
	EndSubSection
EndSection

Here's what I have for forwarding in my /etc/ssh/ssh_config:

        ForwardX11 yes

Version-Release number of selected component (if applicable):

xorg-x11-6.8.2-37

How reproducible:

Every time.

Steps to Reproduce:
1. Use the xorg.conf from above.
2. ssh remotemachine
3. run xclock
  
Actual results:

xclock hangs, no output, nothing displaying on my displays, nothing.

Expected results:

xclock should run, just as it does when I'm NOT using xinerama.

Additional info:
Comment 1 Mike A. Harris 2005-07-12 10:38:02 UTC 
ssh X11 forwarding is disabled by default in openssh in Fedora Core 4, and
Fedora Core 3 with all updates applied.  The openssh project changed the
defaults of ssh to forward only trusted clients by default which breaks
pretty much every application out there and is not a sensible default.

Since this change was made for security reasons by the openssh project,
we changed the default in our openssh packages to be "no X11 forwarding
at all" by default in order to keep a sane default security policy, but
not confuse users into thinking X11 forwarding should work.

In order to have working ssh forwarding, you must invoke ssh with -Y
always, or reconfigure your ssh server or clients to re-enable full
X11 forwarding.

The reason this only fails when you use Xinerama, is that an untrusted
code path exists under Xinerama which does not exist without it.

Setting bug status to "NOTABUG"