current-users: Re: SSH X11 forwarding crashes clients.

Subject: Re: SSH X11 forwarding crashes clients.
To: Lars-Johan Liman <liman@autonomica.se>
From: Johnny Billquist <johnny.billquist@softjar.se>
List: current-users
Date: 12/01/2005 15:46:43
Yup.
Security "feature".
use "ssh -Y"

	Johnny

Lars-Johan Liman wrote:
> Anyone else seeing this?
> 
> 1) Start from 3.99.11 2005-11-28.
> 
> 2) Start X server and xterm on local machine.
> 
> 3) ssh with X11 forwarding to remote older box.
> 
> 4) Start X11 application on remote box (e.g. xterm or emacs).
> 
> 5) Select text in window opened by remote application.
> 5a) If emacs, watch client die.
> 
> 6) Paste text into local window using <SHIFT> + <INSERT>.
> 6b) If other client (e.g. xterm), watch client die.
> 
> The error message I get is:
> 
> X protocol error: BadWindow (invalid Window parameter) on protocol request 38
> 
> On a Mac (see below) I get the following from xterm:
> 
> xterm:  warning, error event received:
> X Error of failed request:  BadAtom (invalid Atom parameter)
>   Major opcode of failed request:  18 (X_ChangeProperty)
>   Atom id in failed request:  0x17e
>   Serial number of failed request:  187
>   Current serial number in output stream:  189
> 
> 
> Now to the strange thing: If I open up direct access to the X server
> (xhost +<remote-IP#> - for testing puposes only) and manually set the
> DISPLAY to the <IP#> of the local machine (as one did in the old
> insecure days ... ;-) on the remote machine _before_ issuing the
> commands that start the X11 applications in question, I have no
> problems what so ever. Window opens, cut-n-paste works like a charm.
> 
> I can repeat this perfectly fine using remote boxes with
> 
> NetBSD 1.6ZK, sshd version OpenSSH_3.6.1 NetBSD_Secure_Shell-20030917
> 
> MacOS X 10.3.9, sshd version OpenSSH_3.6.1p1+CAN-2004-0175
> 
> Linux/Debian unstable, kernel 2.6.12, sshd OpenSSH_4.2p1 Debian-4, OpenSSL 0.9.7g 11 Apr 2005
> 
> Since the problem does appear with very different remote hosts, but
> doesn't appear with direct X11 connections, I presume the problem sits
> in my "local machine" and in its ssh client or some component thereof -
> possibly OpenSSL.
> 
> BTW, the other way around seems to work fine. Using the X server on
> the Mac, logging in (ssh with X11 forw) to my 3.99.11 box, starting
> window, etc., seems to be OK.
> 
> Comments? "Me-too"s? Known issue? Fix?
> 
> 				Cheers,
> 				  /Liman
> #----------------------------------------------------------------------
> # There are 10 kinds of people in the world. Those who understand
> # binary numbers, and those who don't.
> #----------------------------------------------------------------------
> # Lars-Johan Liman, M.Sc.	! E-mail: liman@autonomica.se
> # Senior Systems Specialist     ! HTTP  : //www.autonomica.se/
> # Autonomica AB, Stockholm 	! Voice : +46 8 - 615 85 72
> #----------------------------------------------------------------------

-- 
Johnny Billquist                  || "I'm on a bus
                                   ||  on a psychedelic trip
email: bqt@update.uu.se           ||  Reading murder books
pdp is alive!                     ||  tryin' to stay hip" - B. Idol


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.362 / Virus Database: 267.13.10/188 - Release Date: 2005-11-29