Re: X forwarding

[Simon Tatham <anakin%pobox.com@localhost>]

der Mouse  <mouse%Rodents.Montreal.QC.CA@localhost> wrote:
> Rather than drag out stuff that I see from the archives has been
> hashed over before, I'll just ask two questions that I didn't see
> answers to in the archives.  (It's possible I missed them; I just
> grepped for "x11-req".  If they have been answered, something like a
> message-ID to grep for would be much appreciated.)
> 
> I can see no value whatever in making the client pass an X
> authentication method and data blob to the server.
[...]
> There is no additional security gained from doing so, since any
> forwarded X connection will perforce be coming from the same entity
> the client gave the data blob to, so it serves no authentication use
> to return it.

Yes, I suggested precisely this (that forwarded X connections over
the SSH connection should be unauthenticated, allowing the client to
insert its local auth and independently allowing the server to
invent fake auth). <E14L1Vs-00085L-00%ixion.tartarus.org@localhost>, 23 Jan
2001.

The consensus at the time was that several people thought my idea
was better than the existing method, some other people thought it
was at least no worse, but everybody (including me :-) agreed that
even back in early 2001 it was much too late to change it for the
only marginal gain.

> I'm implementing X forwarding as a private request which carries only a
> uint32 cookie and a screen number;
[...]
> What security horrors am I risking thereby?

Surely the main horror you're risking is that nobody else's server
will support your private request and everybody else's clients will
expect you to support the standard one?
-- 
Simon Tatham         "loop, infinite _see_ infinite loop"
<anakin%pobox.com@localhost>     - Index, Borland Pascal Language Guide