Bug 162920 - xinerama breaks untrusted remote X11 clients via ssh forwarding
xinerama breaks untrusted remote X11 clients via ssh forwarding
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: xorg-x11 (Show other bugs)
4
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: X/OpenGL Maintenance List
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-07-11 13:27 EDT by long
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-12 06:38:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description long 2005-07-11 13:27:44 EDT
Description of problem:


Using an ATI Radeon X300 with two monitors connected.  If I do NOT enable
xinerama then all of my remote X11 clients that are forwarded via ssh work
normally.  If I enable xinerama then all of my remote X11 clients fail, most of
the time they appear to hang.  If I use 'ssh -Y' to connect to the remote
system(s) then the X11 clients work normally again.  So I'm not sure if this is
a bug or by design.  Here is my xorg.conf:

# Xorg configuration created by system-config-display

Section "ServerLayout"
	Identifier     "Multihead layout"
	Screen      0  "Screen0" RightOf "Screen1"
	Screen      1  "Screen1" 0 0
	InputDevice    "Mouse0" "CorePointer"
	InputDevice    "Keyboard0" "CoreKeyboard"
	Option	    "Xinerama" "on"
	Option	    "Clone" "off"
EndSection

Section "Files"
	RgbPath      "/usr/X11R6/lib/X11/rgb"
	ModulePath   "/usr/X11R6/lib/modules"
	FontPath     "unix/:7100"
#	FontPath     "/usr/X11R6/lib/X11/fonts/misc/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/TTF/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/Type1/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/CID/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/75dpi/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/100dpi/"
EndSection

Section "Module"
	Load  "record"
	Load  "extmod"
	Load  "fbdevhw"
	Load  "vnc"
	Load  "xtrap"
	Load  "dbe"
	Load  "glx"
	Load  "type1"
	Load  "freetype"
	Load  "dri"
EndSection

Section "InputDevice"
	Identifier  "Keyboard0"
	Driver      "kbd"
EndSection

Section "InputDevice"

#	Option	    "Protocol" "auto"
	Identifier  "Mouse0"
	Driver      "mouse"
	Option	    "Protocol" "IMPS/2"
#	Option	    "Device" "/dev/mouse"
	Option	    "Device" "/dev/input/mice"
        Option      "ZAxisMapping" "4 5"
EndSection

Section "Monitor"

	#DisplaySize	  410   310	# mm
	Identifier   "Monitor0"
	VendorName   "DEL"
	ModelName    "DELL 2001FP"
	HorizSync    31.0 - 80.0
	VertRefresh  56.0 - 76.0
	Option	    "DPMS"
EndSection

Section "Monitor"
	Identifier   "Monitor1"
	VendorName   "Monitor Vendor"
	ModelName    "Dell P991"
	HorizSync    30.0 - 107.0
	VertRefresh  48.0 - 120.0
	Option	    "dpms"
EndSection

Section "Device"

        ### Available Driver options are:-
        ### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
        ### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
        ### [arg]: arg optional
        #Option     "NoAccel"            	# [<bool>]
        #Option     "SWcursor"           	# [<bool>]
        #Option     "Dac6Bit"            	# [<bool>]
        #Option     "Dac8Bit"            	# [<bool>]
        #Option     "BusType"            	# [<str>]
        #Option     "CPPIOMode"          	# [<bool>]
        #Option     "CPusecTimeout"      	# <i>
        #Option     "AGPMode"            	# <i>
        #Option     "AGPFastWrite"       	# [<bool>]
        #Option     "AGPSize"            	# <i>
        #Option     "GARTSize"           	# <i>
        #Option     "RingSize"           	# <i>
        #Option     "BufferSize"         	# <i>
        #Option     "EnableDepthMoves"   	# [<bool>]
        #Option     "EnablePageFlip"     	# [<bool>]
        #Option     "NoBackBuffer"       	# [<bool>]
        #Option     "PanelOff"           	# [<bool>]
        #Option     "DDCMode"            	# [<bool>]
        #Option     "MonitorLayout"      	# [<str>]
        #Option     "IgnoreEDID"         	# [<bool>]
        #Option     "UseFBDev"           	# [<bool>]
        #Option     "VideoKey"           	# <i>
        #Option     "MergedFB"           	# [<bool>]
        #Option     "CRT2HSync"          	# [<str>]
        #Option     "CRT2VRefresh"       	# [<str>]
        #Option     "CRT2Position"       	# [<str>]
        #Option     "MetaModes"          	# [<str>]
        #Option     "MergedDPI"          	# [<str>]
        #Option     "NoMergedXinerama"   	# [<bool>]
        #Option     "MergedXineramaCRT2IsScreen0" 	# [<bool>]
        #Option     "DisplayPriority"    	# [<str>]
        #Option     "PanelSize"          	# [<str>]
        #Option     "ForceMinDotClock"   	# <freq>
        #Option     "RenderAccel"        	# [<bool>]
        #Option     "SubPixelOrder"      	# [<str>]
        #Option     "ShowCache"          	# [<bool>]
        #Option     "DynamicClocks"      	# [<bool>]
	Identifier  "Card0"
	Driver      "radeon"
	VendorName  "ATI Technologies Inc"
	BoardName   "ATI Radeon X300"
	BusID       "PCI:1:0:0"
	Option      "NoMergedXinerama" "true"
EndSection

Section "Device"
	Identifier  "Videocard1"
	Driver      "radeon"
	VendorName  "Videocard Vendor"
	BoardName   "ATI Radeon X300"
	BusID       "PCI:1:0:0"
	Screen      1
	Option      "NoMergedXinerama" "true"
EndSection

Section "Screen"
	Identifier "Screen0"
	Device     "Card0"
	Monitor    "Monitor0"
	DefaultDepth     24
	SubSection "Display"
		Viewport   0 0
		Depth     1
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     4
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     8
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     15
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     16
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     24
		Modes    "1600x1200" "1400x1050" "1280x960" "1280x800" "1280x1024" "1152x864"
"1024x768" "800x600" "640x480"
	EndSubSection
EndSection

Section "Screen"
	Identifier "Screen1"
	Device     "Videocard1"
	Monitor    "Monitor1"
	DefaultDepth     24
	SubSection "Display"
		Viewport   0 0
		Depth     24
		Modes    "1600x1200"
	EndSubSection
EndSection

Here's what I have for forwarding in my /etc/ssh/ssh_config:

        ForwardX11 yes

Version-Release number of selected component (if applicable):

xorg-x11-6.8.2-37

How reproducible:

Every time.

Steps to Reproduce:
1. Use the xorg.conf from above.
2. ssh remotemachine
3. run xclock
  
Actual results:

xclock hangs, no output, nothing displaying on my displays, nothing.

Expected results:

xclock should run, just as it does when I'm NOT using xinerama.

Additional info:
Comment 1 Mike A. Harris 2005-07-12 06:38:02 EDT
ssh X11 forwarding is disabled by default in openssh in Fedora Core 4, and
Fedora Core 3 with all updates applied.  The openssh project changed the
defaults of ssh to forward only trusted clients by default which breaks
pretty much every application out there and is not a sensible default.

Since this change was made for security reasons by the openssh project,
we changed the default in our openssh packages to be "no X11 forwarding
at all" by default in order to keep a sane default security policy, but
not confuse users into thinking X11 forwarding should work.

In order to have working ssh forwarding, you must invoke ssh with -Y
always, or reconfigure your ssh server or clients to re-enable full
X11 forwarding.

The reason this only fails when you use Xinerama, is that an untrusted
code path exists under Xinerama which does not exist without it.

Setting bug status to "NOTABUG"

Note You need to log in before you can comment on or make changes to this bug.