X-Original-To: alpine-devel@lists.alpinelinux.org
Received: from mailauth4.nine.ch (mailauth4.nine.ch [94.230.211.190])
	by lists.alpinelinux.org (Postfix) with ESMTP id B89F25C502F
	for <alpine-devel@lists.alpinelinux.org>; Sat,  4 Mar 2017 15:54:02 +0000 (GMT)
Received: from localhost (localhost [127.0.0.1])
	by mailauth4.nine.ch (Postfix) with ESMTP id 0962DBFAF1;
	Sat,  4 Mar 2017 16:54:02 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mailauth4.nine.ch
X-Spam-Flag: NO
X-Spam-Score: -1
X-Spam-Level: 
X-Spam-Status: No, score=-1 tagged_above=-999 required=5.6
	tests=[ALL_TRUSTED=-1] autolearn=disabled
Received: from mailauth4.nine.ch ([127.0.0.1])
	by localhost (mailauth4.nine.ch [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id L2SOHQfTiZbd; Sat,  4 Mar 2017 16:54:00 +0100 (CET)
Received: from vimes (174.180.4.85.dynamic.wline.res.cust.swisscom.ch [85.4.180.174])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: pf@1042.ch)
	by mailauth4.nine.ch (Postfix) with ESMTPSA;
	Sat,  4 Mar 2017 16:54:00 +0100 (CET)
Received: by vimes (Postfix, from userid 1000)
	id 7C62A200D7; Sat,  4 Mar 2017 16:54:00 +0100 (CET)
Date: Sat, 4 Mar 2017 16:54:00 +0100
From: Jean-Louis Fuchs <ganwell@fangorn.ch>
To: "lists@cioccolatai.it" <lists@cioccolatai.it>
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] main/xorg-server: Enable xcsecurity to allow ssh
 X11 forwarding
Message-ID: <20170304155400.GA25823@angua.1042.ch>
References: <20170304135150.GA5099@angua.1042.ch>
 <662e9ec7-a3d9-5f07-1646-a05cc409a046@cioccolatai.it>
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="17pEHd4RhPHOinZp"
Content-Disposition: inline
In-Reply-To: <662e9ec7-a3d9-5f07-1646-a05cc409a046@cioccolatai.it>
User-Agent: Mutt/1.7.2 (2016-11-26)


--17pEHd4RhPHOinZp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi I

On Sat, Mar 04, 2017 at 04:00:28PM +0100, lists@cioccolatai.it wrote:
> On 03/04/2017 02:51 PM, Jean-Louis Fuchs wrote:
>=20
> > Could somebody take a look at this issue:
> >=20
> > http://bugs.alpinelinux.org/issues/6696
> >=20
> > I know I should have sent a patch to the aports list, but I missed the
> > wiki-page about patches. I don't want to duplicate things, so I hope
> > we can solve this on the bug-tracker.
>=20
> AFAIK, XCSECURITY are disabled on most (linux) Xorg packages, and on free=
bsd
> and cygwin too (just search xcsecurity/xsecurity on google).

ssh -X works on Debian, Arch, Ubuntu, Fedora, CentOS, SuSE.
The only distro that I know that has no xcsecurity is alpine.

> I just tried some weeks ago to use ssh -X on a OpenBSD X11 server, and ma=
ny
> applications just crashes with "bad access" or similar, as noted in this
> mail:
> https://cygwin.com/ml/cygwin-xfree/2008-11/msg00154.html

All my applications work without problems. We are using it since more
than 10 years, never had a single problem.
=20
> Of course it is still possible to use ssh -Y to connect to Xorg remotely,
> using the "trusted forwarding".

Well, I don't want to do trusted forwarding, because you have to trust
the machine you forward to 100%.

ssh -X is definitely nothing special, instable or esoteric. But I
don't understand the security implications completely, so I can accept
a well-founded no.

Best,
    Jean-Louis

--17pEHd4RhPHOinZp
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJYuuMVXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ3RTBFQTE3OUE3QUY0QTdFNTU1REIzRDU0
Mzk1OUY2ODQwODg2RDQ1AAoJEEOVn2hAiG1FxHAP/i0BxFzEnoYY1StcGK9/iSr8
UeClvfMiiR6pDO+n1OE0fLkgSGY7wXirV8GzegsfkKUUxBkzwTCtEI0n0DVTKLfE
BsRFH/+cI+VX/En5OC0x3QhfoJvkYjlzv5LAj/Xd1tV4WV8rqoarYDuRWQUe6Oew
TQOz413IBjSKSXdBCdTo5guMF7Y6mQt63Yi7+9M+pDXQbiiWC5x9N9HLlU15jM/e
45XKCFyw5lpqm6u2cDIMpBd5NbedAy7KQSC5c71E7Jsou69y33bKxjhY5Ni2AEzc
Fal/NJ7jPiyggFy3gi7fQOgSsZMZidzy9OKN/+2Q8kvJG3/VvJcBTSHxkOdKJgoD
acYYVRVLhx6qB6boDrhWQ5rXGC/T7vYhUOAGVRsvvYFULetaNN66VcvO7QvBVsm5
h+OcifT3VZqfPjG7VCZuFPDXccdP8X+agcm+ZiJSmMIzSn71HxC3ARsxWF/QR7vV
8bozEpGCxDFu7vOGPlKvdijuH2Y3sTRaVB+MmYStjFXzpBcdSVobmGPPR5hWRCXj
f55xY3r6/dcEIsVyblDn0u3kVH1cSaLck0dXZbmxIP33M3LuMIEWj7Z2giaonXqp
Rk1lZnQywzeMMpxv56GY/Zx3MjzLLFQC5yQcOfpuTBbHcsRsWVEVAk9byoRKSz2p
hc5kPNc3Akp6JB0jOgV1
=LV7Z
-----END PGP SIGNATURE-----

--17pEHd4RhPHOinZp--


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---