150262 – (rhel4-x11forwarding) SSH client should use trusted X forwarding by default if asked for X forwarding

Bug 150262 (rhel4-x11forwarding) - SSH client should use trusted X forwarding by default if asked for X forwarding

Summary: SSH client should use trusted X forwarding by default if asked for X forwarding

Keywords:
Status:	CLOSED ERRATA
Alias:	rhel4-x11forwarding
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	openssh
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Duplicates (3):	148819 150184 171966 (view as bug list)
Depends On:
Blocks:	137160
TreeView+	depends on / blocked

Reported:	2005-03-03 23:42 UTC by Tomas Mraz
Modified:	2007-11-30 22:07 UTC (History)
CC List:	7 users (show)
Fixed In Version:	RHBA-2005-046
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-06-09 12:37:03 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2005:046	0	low	SHIPPED_LIVE	openssh bug fix update	2005-06-09 04:00:00 UTC

Description Tomas Mraz 2005-03-03 23:42:51 UTC

OpenSSH now defaults to no X forwarding which is right because using X
forwarding when ssh-ing to untrusted server could allow attacker to
gain access to the client's machine.

However when ssh is asked to enable X forwarding (by -X option or
ForwardX11 yes in configuration file) it will use X security extension
which will make most X applications break with cryptic error messages.
This makes X forwarding unusable. The option 'ForwardX11Trusted yes'
should be added to the configuration file so the -X option works as
expected enabling full trusted X forwarding.

See also bug 137685.

Comment 2 Mike A. Harris 2005-03-04 04:16:14 UTC

Adding the bug alias "rhel4-x11forwarding" to make it easier to close
bugs as duplicates of this master bug.

Comment 3 Mike A. Harris 2005-03-06 15:53:21 UTC

*** Bug 150184 has been marked as a duplicate of this bug. ***

Comment 5 Jay Turner 2005-03-17 13:24:30 UTC

Fix confirmed with openssh-3.9p1-8.RHEL4.4 which is included in 	 RHBA-2005:046.

Comment 9 Tim Powers 2005-06-09 12:37:04 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-046.html

Comment 10 Tomas Mraz 2005-06-16 09:20:50 UTC

*** Bug 148819 has been marked as a duplicate of this bug. ***

Comment 11 Tomas Mraz 2005-10-31 14:54:53 UTC

*** Bug 171966 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.