Mail archive

Re: [alpine-devel] main/xorg-server: Enable xcsecurity to allow ssh X11 forwarding

From: <>
Date: Sat, 4 Mar 2017 18:53:05 +0100

On 03/04/2017 04:54 PM, Jean-Louis Fuchs wrote:

>>> Could somebody take a look at this issue:

NB: i'm not the/a mantainer of the xorg package (on any other package)

>>> I know I should have sent a patch to the aports list, but I missed the
>>> wiki-page about patches. I don't want to duplicate things, so I hope
>>> we can solve this on the bug-tracker.
>> AFAIK, XCSECURITY are disabled on most (linux) Xorg packages, and on freebsd
>> and cygwin too (just search xcsecurity/xsecurity on google).
> ssh -X works on Debian, Arch, Ubuntu, Fedora, CentOS, SuSE.
> The only distro that I know that has no xcsecurity is alpine.

Ok, my fault, when I was researching on this subject some time ago, I
found that these extension where disabled by default by the upstream
(generic reasons like "obsolete" a/o "insecure") in favor of the new
XACE extensions (which seems to be at least not used/incomplete, maybe
someone has more updated infos?)

After that various distro (debian, red-hat, ..) have re-enabled it, eg:

but i'm on Slackware (and Alpine) so I didn't noticed it :)

>> I just tried some weeks ago to use ssh -X on a OpenBSD X11 server, and many
>> applications just crashes with "bad access" or similar, as noted in this
>> mail:
> All my applications work without problems. We are using it since more
> than 10 years, never had a single problem.
> ssh -X is definitely nothing special, instable or esoteric. But I

That's interesting, good to know; I was also using ssh -X a lot, but
since it was disabled upstream I got this kind of troubles all the times
I tried; probabily I have to test again, using the same distro/settings
on both clients and server.

> don't understand the security implications completely, so I can accept
> a well-founded no.

Did you already tried to recompile xorg on alpine with -xcsecurity enabled?


Received on Sat Mar 04 2017 - 18:53:05 GMT