Bug 162920
Summary: | xinerama breaks untrusted remote X11 clients via ssh forwarding | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | long |
Component: | xorg-x11 | Assignee: | X/OpenGL Maintenance List <xgl-maint> |
Status: | CLOSED NOTABUG | QA Contact: | David Lawrence <dkl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i686 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-07-12 10:38:02 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
long
2005-07-11 17:27:44 UTC
ssh X11 forwarding is disabled by default in openssh in Fedora Core 4, and Fedora Core 3 with all updates applied. The openssh project changed the defaults of ssh to forward only trusted clients by default which breaks pretty much every application out there and is not a sensible default. Since this change was made for security reasons by the openssh project, we changed the default in our openssh packages to be "no X11 forwarding at all" by default in order to keep a sane default security policy, but not confuse users into thinking X11 forwarding should work. In order to have working ssh forwarding, you must invoke ssh with -Y always, or reconfigure your ssh server or clients to re-enable full X11 forwarding. The reason this only fails when you use Xinerama, is that an untrusted code path exists under Xinerama which does not exist without it. Setting bug status to "NOTABUG" |