> On 2018-05-28 22:12, table@xxxxxxxxxxxxx wrote: >> >> On 2018-04-27 16:21, table@xxxxxxxxxxxxx wrote: >>> >>> This change allows use of untrusted X11 forwarding (which is more >>> secure) without >>> requiring users to choose a finite timeout after which to refuse new >>> connections. >>> >>> This matches the semantics of the X11 security extension itself, which >>> also treat a >>> validity timeout of 0 on an authentication cookie as indefinite. >>> >>> Signed-off-by: Trixie Able <table@xxxxxxxxxxxxx> >>> --- >>> clientloop.c | 12 +++++++++--- >>> ssh_config.5 | 1 + >>> 2 files changed, 10 insertions(+), 3 deletions(-) >>> >>> diff --git a/clientloop.c b/clientloop.c >>> index 7bcf22e3..99dcec89 100644 >>> --- a/clientloop.c >>> +++ b/clientloop.c >>> @@ -342,11 +342,17 @@ client_x11_get_proto(struct ssh *ssh, const char >>> *display, >>> rmdir(xauthdir); >>> return -1; >>> } >>> - >>> - if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) >>> + /* add (at most) X11_TIMEOUT_SLACK to timeout to get >>> + * x11_timeout_real, but do not adjust a timeout of 0 or >>> + * overflow integers. >>> + */ >>> + if (timeout == 0) >>> + x11_timeout_real = 0; >>> + else if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK) >>> x11_timeout_real = UINT_MAX; >>> else >>> x11_timeout_real = timeout + X11_TIMEOUT_SLACK; >>> + >>> if ((r = snprintf(cmd, sizeof(cmd), >>> "%s -f %s generate %s " SSH_X11_PROTO >>> " untrusted timeout %u 2>" _PATH_DEVNULL, >>> @@ -355,7 +361,7 @@ client_x11_get_proto(struct ssh *ssh, const char >>> *display, >>> (size_t)r >= sizeof(cmd)) >>> fatal("%s: cmd too long", __func__); >>> debug2("%s: %s", __func__, cmd); >>> - if (x11_refuse_time == 0) { >>> + if (timeout != 0) { >>> now = monotime() + 1; >>> if (UINT_MAX - timeout < now) >>> x11_refuse_time = UINT_MAX; >>> diff --git a/ssh_config.5 b/ssh_config.5 >>> index 71705cab..cdc407ed 100644 >>> --- a/ssh_config.5 >>> +++ b/ssh_config.5 >>> @@ -683,6 +683,7 @@ X11 connections received by >>> after this time will be refused. >>> The default is to disable untrusted X11 forwarding after twenty minutes >>> has >>> elapsed. >>> +A timeout of zero allows untrusted X11 forwarding indefinitely. >>> .It Cm ForwardX11Trusted >>> If this option is set to >>> .Cm yes , >> >> >> r? > > > Bump, ccing djm@xxxxxxxxxxx as annotate indicates they committed most of the > code near these changes. > > If bumping patches is discouraged please let me know--I don't mean to be > rude but would like to have an r+ or r- for this small changeset. This is reasonable and I'd like to see it in the tree, if someone gets a chance to review soon. Thanks _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev