Re: [PATCH] allow indefinite ForwardX11Timeout by setting it to 0

[table@xxxxxxxxxxxxx]

On 2018-05-28 22:12, table@xxxxxxxxxxxxx wrote:
> On 2018-04-27 16:21, table@xxxxxxxxxxxxx wrote:
> > This change allows use of untrusted X11 forwarding (which is more
> > secure) without
> > requiring users to choose a finite timeout after which to refuse new
> > connections.
> >
> > This matches the semantics of the X11 security extension itself, which
> > also treat a
> > validity timeout of 0 on an authentication cookie as indefinite.
> >
> > Signed-off-by: Trixie Able <table@xxxxxxxxxxxxx>
> > ---
> >  clientloop.c | 12 +++++++++---
> >  ssh_config.5 |  1 +
> >  2 files changed, 10 insertions(+), 3 deletions(-)
> >
> > diff --git a/clientloop.c b/clientloop.c
> > index 7bcf22e3..99dcec89 100644
> > --- a/clientloop.c
> > +++ b/clientloop.c
> > @@ -342,11 +342,17 @@ client_x11_get_proto(struct ssh *ssh, const char 
> > *display,
> >                  rmdir(xauthdir);
> >                  return -1;
> >              }
> > -
> > -            if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
> > +            /* add (at most) X11_TIMEOUT_SLACK to timeout to get
> > +             * x11_timeout_real, but do not adjust a timeout of 0 or
> > +             * overflow integers.
> > +             */
> > +            if (timeout == 0)
> > +                x11_timeout_real = 0;
> > +            else if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
> >                  x11_timeout_real = UINT_MAX;
> >              else
> >                  x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
> > +
> >              if ((r = snprintf(cmd, sizeof(cmd),
> >                  "%s -f %s generate %s " SSH_X11_PROTO
> >                  " untrusted timeout %u 2>" _PATH_DEVNULL,
> > @@ -355,7 +361,7 @@ client_x11_get_proto(struct ssh *ssh, const char 
> > *display,
> >                  (size_t)r >= sizeof(cmd))
> >                  fatal("%s: cmd too long", __func__);
> >              debug2("%s: %s", __func__, cmd);
> > -            if (x11_refuse_time == 0) {
> > +            if (timeout != 0) {
> >                  now = monotime() + 1;
> >                  if (UINT_MAX - timeout < now)
> >                      x11_refuse_time = UINT_MAX;
> > diff --git a/ssh_config.5 b/ssh_config.5
> > index 71705cab..cdc407ed 100644
> > --- a/ssh_config.5
> > +++ b/ssh_config.5
> > @@ -683,6 +683,7 @@ X11 connections received by
> >  after this time will be refused.
> >  The default is to disable untrusted X11 forwarding after twenty 
> > minutes has
> >  elapsed.
> > +A timeout of zero allows untrusted X11 forwarding indefinitely.
> >  .It Cm ForwardX11Trusted
> >  If this option is set to
> >  .Cm yes ,
>
> r?
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Bump, ccing djm@xxxxxxxxxxx as annotate indicates they committed most of 
the code near these changes.

If bumping patches is discouraged please let me know--I don't mean to be 
rude but would like to have an r+ or r- for this small changeset.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev