Bug 150262 - (rhel4-x11forwarding) SSH client should use trusted X forwarding by default if asked for X forwarding
SSH client should use trusted X forwarding by default if asked for X forwarding
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openssh (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
:
: 148819 150184 171966 (view as bug list)
Depends On:
Blocks: 137160
  Show dependency treegraph
 
Reported: 2005-03-03 18:42 EST by Tomas Mraz
Modified: 2007-11-30 17:07 EST (History)
7 users (show)

See Also:
Fixed In Version: RHBA-2005-046
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-09 08:37:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Mraz 2005-03-03 18:42:51 EST
OpenSSH now defaults to no X forwarding which is right because using X
forwarding when ssh-ing to untrusted server could allow attacker to
gain access to the client's machine.

However when ssh is asked to enable X forwarding (by -X option or
ForwardX11 yes in configuration file) it will use X security extension
which will make most X applications break with cryptic error messages.
This makes X forwarding unusable. The option 'ForwardX11Trusted yes'
should be added to the configuration file so the -X option works as
expected enabling full trusted X forwarding.

See also bug 137685.
Comment 2 Mike A. Harris 2005-03-03 23:16:14 EST
Adding the bug alias "rhel4-x11forwarding" to make it easier to close
bugs as duplicates of this master bug.
Comment 3 Mike A. Harris 2005-03-06 10:53:21 EST
*** Bug 150184 has been marked as a duplicate of this bug. ***
Comment 5 Jay Turner 2005-03-17 08:24:30 EST
Fix confirmed with openssh-3.9p1-8.RHEL4.4 which is included in 	 RHBA-2005:046.
Comment 9 Tim Powers 2005-06-09 08:37:04 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-046.html
Comment 10 Tomas Mraz 2005-06-16 05:20:50 EDT
*** Bug 148819 has been marked as a duplicate of this bug. ***
Comment 11 Tomas Mraz 2005-10-31 09:54:53 EST
*** Bug 171966 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.