Mail archive
alpine-devel

Re: [alpine-devel] main/xorg-server: Enable xcsecurity to allow ssh X11 forwarding

From: Jean-Louis Fuchs <ganwell_at_fangorn.ch>
Date: Sat, 4 Mar 2017 16:54:00 +0100

Hi I

On Sat, Mar 04, 2017 at 04:00:28PM +0100, lists_at_cioccolatai.it wrote:
> On 03/04/2017 02:51 PM, Jean-Louis Fuchs wrote:
>
> > Could somebody take a look at this issue:
> >
> > http://bugs.alpinelinux.org/issues/6696
> >
> > I know I should have sent a patch to the aports list, but I missed the
> > wiki-page about patches. I don't want to duplicate things, so I hope
> > we can solve this on the bug-tracker.
>
> AFAIK, XCSECURITY are disabled on most (linux) Xorg packages, and on freebsd
> and cygwin too (just search xcsecurity/xsecurity on google).

ssh -X works on Debian, Arch, Ubuntu, Fedora, CentOS, SuSE.
The only distro that I know that has no xcsecurity is alpine.

> I just tried some weeks ago to use ssh -X on a OpenBSD X11 server, and many
> applications just crashes with "bad access" or similar, as noted in this
> mail:
> https://cygwin.com/ml/cygwin-xfree/2008-11/msg00154.html

All my applications work without problems. We are using it since more
than 10 years, never had a single problem.
 
> Of course it is still possible to use ssh -Y to connect to Xorg remotely,
> using the "trusted forwarding".

Well, I don't want to do trusted forwarding, because you have to trust
the machine you forward to 100%.

ssh -X is definitely nothing special, instable or esoteric. But I
don't understand the security implications completely, so I can accept
a well-founded no.

Best,
    Jean-Louis




---
Unsubscribe:  alpine-devel+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-devel+help_at_lists.alpinelinux.org
---
Received on Sat Mar 04 2017 - 16:54:00 UTC