On 2018-05-28 22:12, table@xxxxxxxxxxxxx wrote:
On 2018-04-27 16:21, table@xxxxxxxxxxxxx wrote:
This change allows use of untrusted X11 forwarding (which is more
secure) without requiring users to choose a finite timeout after which
to refuse new connections.
This matches the semantics of the X11 security extension itself, which
also treats a validity timeout of 0 on an authentication cookie as
indefinite.
Signed-off-by: Trixie Able <table@xxxxxxxxxxxxx>
---
clientloop.c | 12 +++++++++---
ssh_config.5 | 1 +
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/clientloop.c b/clientloop.c
index 7bcf22e3..99dcec89 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -342,11 +342,17 @@ client_x11_get_proto(struct ssh *ssh, const char
*display,
rmdir(xauthdir);
return -1;
}
-
- if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
+ /* add (at most) X11_TIMEOUT_SLACK to timeout to get
+ * x11_timeout_real, but do not adjust a timeout of 0 or
+ * overflow integers.
+ */
+ if (timeout == 0)
+ x11_timeout_real = 0;
+ else if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
x11_timeout_real = UINT_MAX;
else
x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
+
if ((r = snprintf(cmd, sizeof(cmd),
"%s -f %s generate %s " SSH_X11_PROTO
" untrusted timeout %u 2>" _PATH_DEVNULL,
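Review bot: the new comment block puts text on the `/*` line, which does not match the multi-line comment style used in the surrounding code (a bare `/*` line, ` * ` body lines, then ` */`); reflow it as `/*` / ` * add (at most) X11_TIMEOUT_SLACK to timeout to get x11_timeout_real,` / ` * but do not adjust a timeout of 0 or overflow integers.` / ` */`. The logic itself is sound for the stated goal: a timeout of 0 is passed through to `xauth generate ... untrusted timeout 0` unchanged, so the cookie's own validity timeout, not only ssh's refusal time, becomes indefinite, which is what the commit message relies on.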
@@ -355,7 +361,7 @@ client_x11_get_proto(struct ssh *ssh, const char
*display,
(size_t)r >= sizeof(cmd))
fatal("%s: cmd too long", __func__);
debug2("%s: %s", __func__, cmd);
- if (x11_refuse_time == 0) {
+ if (timeout != 0) {
now = monotime() + 1;
if (UINT_MAX - timeout < now)
x11_refuse_time = UINT_MAX;
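Review bot: replacing `if (x11_refuse_time == 0)` with `if (timeout != 0)` drops the guard that kept `x11_refuse_time` from being re-armed on a later call into this function, so every subsequent call now recomputes the refusal time from `monotime()` rather than keeping the first one; unless re-arming is intended, keep both conditions: `if (timeout != 0 && x11_refuse_time == 0) {`. With timeout 0 the variable is left at 0, so please confirm that the code consuming `x11_refuse_time` treats 0 as "never refuse" rather than "refuse immediately".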
diff --git a/ssh_config.5 b/ssh_config.5
index 71705cab..cdc407ed 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -683,6 +683,7 @@ X11 connections received by
after this time will be refused.
The default is to disable untrusted X11 forwarding after twenty
minutes has
elapsed.
+A timeout of zero allows untrusted X11 forwarding indefinitely.
.It Cm ForwardX11Trusted
If this option is set to
.Cm yes ,
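Review bot: the added sentence documents the ssh-side behaviour only; since man page readers will not see the commit message, state there that zero also leaves the generated authentication cookie without a validity timeout, e.g. "A timeout of zero allows untrusted X11 forwarding indefinitely; the authentication cookie is generated without an expiry." It is also worth saying that this removes the exposure bound the option exists to provide, so users picking zero understand the trade-off.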
r?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Bump, ccing djm@xxxxxxxxxxx as annotate indicates they committed most of
the code near these changes.
If bumping patches is discouraged please let me know--I don't mean to be
rude but would like to have an r+ or r- for this small changeset.