Bug 150262 (rhel4-x11forwarding) - SSH client should use trusted X forwarding by default if asked for X forwarding
Summary: SSH client should use trusted X forwarding by default if asked for X forwarding
Keywords:
Status: CLOSED ERRATA
Alias: rhel4-x11forwarding
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh
Version: 4.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
URL:
Whiteboard:
: 148819 150184 171966 (view as bug list)
Depends On:
Blocks: 137160
TreeView+ depends on / blocked
 
Reported: 2005-03-03 23:42 UTC by Tomas Mraz
Modified: 2007-11-30 22:07 UTC (History)
7 users (show)

Fixed In Version: RHBA-2005-046
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-06-09 12:37:03 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:046 low SHIPPED_LIVE openssh bug fix update 2005-06-09 04:00:00 UTC

Description Tomas Mraz 2005-03-03 23:42:51 UTC
OpenSSH now defaults to no X forwarding which is right because using X
forwarding when ssh-ing to untrusted server could allow attacker to
gain access to the client's machine.

However when ssh is asked to enable X forwarding (by -X option or
ForwardX11 yes in configuration file) it will use X security extension
which will make most X applications break with cryptic error messages.
This makes X forwarding unusable. The option 'ForwardX11Trusted yes'
should be added to the configuration file so the -X option works as
expected enabling full trusted X forwarding.

See also bug 137685.

Comment 2 Mike A. Harris 2005-03-04 04:16:14 UTC
Adding the bug alias "rhel4-x11forwarding" to make it easier to close
bugs as duplicates of this master bug.

Comment 3 Mike A. Harris 2005-03-06 15:53:21 UTC
*** Bug 150184 has been marked as a duplicate of this bug. ***

Comment 5 Jay Turner 2005-03-17 13:24:30 UTC
Fix confirmed with openssh-3.9p1-8.RHEL4.4 which is included in 	 RHBA-2005:046.

Comment 9 Tim Powers 2005-06-09 12:37:04 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-046.html


Comment 10 Tomas Mraz 2005-06-16 09:20:50 UTC
*** Bug 148819 has been marked as a duplicate of this bug. ***

Comment 11 Tomas Mraz 2005-10-31 14:54:53 UTC
*** Bug 171966 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.