Subject: Re: SSH X11 forwarding crashes clients.
To: None <liman@autonomica.se>
From: Ben Harris <bjh21@netbsd.org>
List: current-users
Date: 12/06/2005 22:03:25
In article <22r78wfr8f.fsf@aptop.autonomica.net> you write:
>jarle@uninett.no (and others, with the same content):
>> Yes. "X11 Security extensions" is the culprit. Take a look at
>> the -Y flag in the ssh client manual page, or possibly the
>> ForwardX11Trusted directive the the ssh_config(5) page.
>
>Ah. Works. Thank you, Jarle and others, who all pointed this out to me.
>
>Would it too much asking that somone with the right clue and CVS bits
>inject some code, so that ssh produces an error message that is
>slightly more informative than the
>
> X protocol error: BadWindow (invalid Window parameter) on protocol
> request 38
>
>one gets from the X11 application on the remote side? *PLEASE*!?
It probably would. As I understand it, all that ssh does is to ask the X
server for an untrusted cookie when setting up X forwarding. It's then the
X server that gives the BadWindow error to the X client, in response to
which the X client closes the X connection. For ssh to detect this, it
would have to parse all of the X protocol requests going past and detect
when the X server returned an error that it wouldn't have returned if the
cookie had been a trusted one. It's possible it might even need to detect
whether the X client was planning to close the connection as a result (since
a clever client might be able to work around the problem).
Of course, my understanding could be incorrect -- the ssh manual page wasn't
very clear last time I looked.
>How about: "Untrusted X11 client terminated. See ssh -Y flag." in the
>ssh client end? Yes I understand that there are problems with the fact
>that the X application doesn't have a direct relationship with SSH,
>but still - ssh terminates the X11 session,
What makes you think this?
--
Ben Harris