Mailing List Archive

Is it secure: `hostname`:10?
Hello,
I am using OpenSSH 1.2.1 on Solaris 2.6.
I am using X forwarding intensively. During work OpenSSH creates a
display like `hostname`:10. Is it secure? Why not 127.0.0.1:10 or
localhost:10?

Best regards
Sergey Khorev.
Re: Is it secure: `hostname`:10?
On Thu, 2 Mar 2000, Хорев Сергей Николаевич (Sergey Khorev) wrote:

> Hello,
> I am using OpenSSH 1.2.1 on Solaris 2.6.
> I am using X forwarding intensively. During work OpenSSH creates a
> display like `hostname`:10. Is it secure? Why not 127.0.0.1:10 or
> localhost:10?

Where "hostname" is the machine you logged in _to_.

If the target does not know its own hostname then things are very
broken.

IIRC some broken Unices (references?) autodetect localhost:xx
$DISPLAYs and start using shared memory to communicate.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
Re: Is it secure: `hostname`:10?
djm@mindrot.org said:
> If the target does not know its own hostname then things are very
> broken.

> IIRC some broken Unices (references?) autodetect localhost:xx
> $DISPLAYs and start using shared memory to communicate.

This certainly happens on Linux/XFree - I think it actually uses a
local socket rather than shmem, but the communication method is not the
same as for other IP addresses.

To make life more complicated, a machine that gets its IP address from
DHCP or similar may have an entry in hosts for its machine name but
with 127.0.0.1 (saves rewriting hosts on each address acquisition).

It would be good if openssh could handle this brokenness effectively.

Nigel.
--
[. - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@VData.co.uk ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]
Re: Is it secure: `hostname`:10?
Nigel Metheringham wrote:
>
> djm@mindrot.org said:
> > IIRC some broken Unices (references?) autodetect localhost:xx
> > $DISPLAYs and start using shared memory to communicate.
> This certainly happens on Linux/XFree - I think it actually uses a
> local socket rather than shmem, but the communication method is not the
> same as for other IP addresses.

HPUX uses shmem.

> To make life more complicated, a machine that gets its IP address from
> DHCP or similar may have an entry in hosts for its machine name but
> with 127.0.0.1 (saves rewriting hosts on each address acquisition).
>
> It would be good if openssh could handle this brokenness effectively.

You could add '--with-ipaddr-display' to your configure options to get
DISPLAY in the form '192.168.1.1:10'. However, if the host returns
127.0.0.1 as the first address from gethostbyname(hostname) then this
might not work as expected. If, as has been said, some hosts use an
AF_UNIX socket whenever they detect the loopback address, this still
won't work.

I started making changes to this code to check for the loopback address
in the list of addresses returned by gethostbyname(). However, I'm not
sure how this would work with IPv6 (I've not really coded anything for
v6 yet, and I don't have an IPv6 box to test it on at work) so I
stopped. All I think needs to be done is, instead of just memcpy()ing
h_addr_list[0] as the IP address, take the first address that isn't
127.0.0.1, or use that address as the last resort if no others are
available.

-Andre
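The address-selection rule Andre sketches above, written out as an added example that is not code from OpenSSH or from anyone in the thread: `ipaddr_display` and `demo_ipaddr_display` are hypothetical names, the hostent is assembled by hand from constructed addresses so nothing is looked up, and, going slightly beyond Andre's wording, the check treats any 127.0.0.0/8 address as loopback rather than only 127.0.0.1.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* True for any 127.0.0.0/8 address, not only 127.0.0.1: the whole block loops back. */
static int is_loopback4(const struct in_addr *a)
{
    return (ntohl(a->s_addr) >> 24) == 127;
}

/* Andre's rule: the first h_addr_list entry that is not loopback; the first entry
 * is the fallback when all of them are. Writes "A.B.C.D:<display>" into buf. */
const char *ipaddr_display(const struct hostent *he, int display,
                           char *buf, size_t buflen)
{
    const struct in_addr *chosen = NULL;
    char ip[INET_ADDRSTRLEN];
    if (he == NULL || he->h_addrtype != AF_INET || he->h_length != 4)
        return NULL;
    for (int i = 0; he->h_addr_list[i] != NULL; i++) {
        const struct in_addr *a = (const struct in_addr *)he->h_addr_list[i];
        if (chosen == NULL || !is_loopback4(a))
            chosen = a;            /* remember first entry, then first non-loopback */
        if (!is_loopback4(a))
            break;                 /* a routable address wins immediately */
    }
    if (chosen == NULL || inet_ntop(AF_INET, chosen, ip, sizeof ip) == NULL)
        return NULL;
    snprintf(buf, buflen, "%s:%d", ip, display);
    return buf;
}

/* Constructed sample (no DNS lookup): a hostent assembled by hand from up to two
 * dotted quads (a1 may be NULL), e.g. the DHCP box whose name maps to 127.0.0.1. */
const char *demo_ipaddr_display(const char *a0, const char *a1, int display)
{
    static struct in_addr addrs[2];
    static char *list[3], buf[64];
    static struct hostent he;
    int n; const char *ips[2] = { a0, a1 };
    for (n = 0; n < 2 && ips[n] != NULL; n++) {
        inet_pton(AF_INET, ips[n], &addrs[n]);
        list[n] = (char *)&addrs[n];
    }
    list[n] = NULL;                /* h_addr_list is NULL-terminated */
    he.h_addrtype = AF_INET; he.h_length = 4; he.h_addr_list = list;
    return ipaddr_display(&he, display, buf, sizeof buf);
}
```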
Re: Is it secure: `hostname`:10?
On Thu, Mar 02, 2000 at 09:09:38PM +1100, Damien Miller wrote:
> IIRC some broken Unices (references?) autodetect localhost:xx
> $DISPLAYs and start using shared memory to communicate.

the X lib is buggy:

>From: per@erix.ericsson.se (Per Hedeland)
>Newsgroups: comp.security.ssh
>Subject: Re: X forwarding works w/ some progs, not others
>Date: 16 Dec 1999 11:24:29 GMT
>Organization: Ericsson Utvecklings AB, Stockholm, Sweden
>Sender: per@aalborg (Per Hedeland)
>Message-ID: <83ai5d$65p$1@news.du.uab.ericsson.se>
>References: <Pine.LNX.4.10.9912151933080.818-100000@localhost.localdomain> <83abh4$mif$1@pegasus.csx.cam.ac.uk>

In article <83abh4$mif$1@pegasus.csx.cam.ac.uk>,
pjb1008@cus.cam.ac.uk (Peter Benie) writes:
>In article <Pine.LNX.4.10.9912151933080.818-100000@localhost.localdomain>,
>Steven A. Richman <on@yourNOSPAMPLEASEmom.com> wrote:
>>Programs that work include: emacs, xv, xcalc, x3270, xfontsel, xbiff,
>>acroread, xgremlin, xman, and xedit.
>>Programs that don't work include: xterm, xemacs, gv, netscape, xlogo,
>>xmag, xdvi... and most others.
>
>Another problem is that some X libraries are too clever and spot local
>displays and force the use of the UDP sockets in /tmp. Are some of your
>programs linked with different versions of the X libraries? If they are,
>check how the X client is trying to make the connection to the X server by
>running the client under strace.

This is almost certainly the case (and has been mentioned a couple of
times before here - they aren't UDP sockets though). Recent versions of
Xlib from x.org (at least the one in X11R6.4) have an extremely
brain-dead "optimization" that does just this - totally disregarding the
fact that the semantics of DISPLAY=<hostname>:<display>[.<screen>] have
always been "use TCP", while you'd leave out the <hostname> part to
request connection via Unix domain socket / named pipe.

Steven wrote that sshd/X-client was on Solaris 7, I haven't tried it
there but the Xlib that ships with Solaris 2.6 while X11R6-based does
*not* have this problem - however if you've also installed the version
from x.org you get precisely this kind of mixed behaviour depending on
how the different clients were built (might even be dependent on
LD_LIBRARY_PATH etc. settings at runtime).

Below is the patch I applied to my X11R6.4 installation to just get rid
of this nonsense - as libX11 is shared you "just" need to rebuild and
re-install it to fix all the broken clients in one sweep. (Unless you
have multiple broken versions installed, that is...:-) A workaround
would be to change the DISPLAY setting to use <IP-address>:x.y instead
of <hostname>:x.y - actually you can even get sshd to do that for you,
if you #define NONSTANDARD_IP_ADDRESS_X11_KLUDGE in config.h and
rebuild - not sure if that works in the old 1.2.22 though.

--Per Hedeland
per@erix.ericsson.se

--- X11R6.4/xc/lib/X11/ConnDis.c.ORIG Fri Feb 6 23:12:07 1998
+++ X11R6.4/xc/lib/X11/ConnDis.c Thu Oct 15 12:43:15 1998
@@ -177,6 +177,11 @@

p = lastc;

+/* This is broken - no reason to assume there is anyone listening on
+ the named pipe or whatever just because it is listening on the TCP
+ socket. Plus it's broken even if that were true due to strncmp
+ potentially matching a substring of the display-hostname. /Per H */
+#if 0
#ifdef LOCALCONN
/* check if phostname == localnodename */
if (phostname && uname(&sys) >= 0 &&
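Review bot: the `#if 0` added at the top of this hunk switches off the whole LOCALCONN block instead of fixing the two defects the new comment itself names (assuming a local listener exists just because the TCP port answers, and `strncmp` matching only a prefix of the display hostname); if the intent is to keep the optimisation available for builds that want it, a full-string compare against the uname() node name plus an explicit build-time switch would be preferable to leaving dead code behind `#if 0`, and the rationale in the comment belongs in the change description as well.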
@@ -185,6 +190,7 @@
Xfree (phostname);
phostname = copystring ("unix", 4);
}
+#endif
#endif
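Review bot: the added `#endif` closes `#ifdef LOCALCONN`, leaving the original `#endif` on the next line to close the `#if 0` from the previous hunk; the pairing is correct but easy to misread, so tag both with trailing comments (`#endif /* LOCALCONN */` and `#endif /* 0 */`). Note also that the disabled context includes `phostname = copystring ("unix", 4);`, so after this rebuild a `DISPLAY=<localhost>:N` setting always goes over TCP, which matches the semantics described above but should be stated for anyone installing the rebuilt shared libX11.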
Re: Is it secure: `hostname`:10?
andre.lucas@dial.pipex.com said:
> You could add '--with-ipaddr-display' to your configure options to get
> DISPLAY in the form '192.168.1.1:10'. However, if the host returns
> 127.0.0.1 as the first address from gethostbyname(hostname) then this
> might not work as expected. If, as has been said, some hosts use an
> AF_UNIX socket whenever they detect the loopback address, this still
> won't work.

Another seriously tacky solution would be to check the hostname/ip
mapping of the display hostname, and if it points to 127.0.0.1, change
it so that you use 127.0.0.2 as the display hostname. Believe it or
not this does work on the boxes I tried - the code that does the
loopback "optimization" isn't bright enough to realise that in general
the whole 127.0.0.0/8 network is looped.

Nigel.
--
[. - Opinions expressed are personal and may not be shared by VData - ]
[ Nigel Metheringham Nigel.Metheringham@VData.co.uk ]
[ Phone: +44 1423 850000 Fax +44 1423 858866 ]