[REPOST PATCH xauth] Don't crash when running past the end of the chain
Egbert Eich
eich at freedesktop.org
Thu Sep 19 02:40:49 PDT 2013
On Wed, Sep 18, 2013 at 06:26:21PM -0400, Mouse wrote:
> >> [PATCH xauth] Look for FamilyLocal if inet or inet6 address is loopback
>
> Based solely on this description, I'd say this is a "maybe".
>
> If the address came from resolving a name, as in "xhost +localhost",
> then I like this. But if the address was specified directly, as in
> "xhost +::1", then I'd go so far as to say that adding FamilyLocal, or,
> worse, replacing it with FamilyLocal, is a bug.
>
> Though, as always, that opinion is probably worth what you paid for it.
This is a patch to xauth, not xhost. xauth is there to
manipulate get/set/manipulate the credentials file used
by X clients.
xset talks to the server and sets the access control list
based on source and transport mechanism.
Also you didn't see the full comment, only the subject.
The full comment described the reasoning behind the change
which I believe is still valid:
Look for FamilyLocal if inet or inet6 address is loopback
libxcb uses FamilyLocal authorization if the host name or IP in the
display string is from the loopback device. This patch adds the same
behavior to xauth.
This fixes a long standing problem that for ssh tunneled connections
a display variable of the form: localhost:<N>.<M> leads to correct
authorization when an X client is started but "xauth list $DISPLAY"
returns nothing.
libxcb picks an entry from the credentials file based on the the DISPLAY
variable to authenticate the client with the server.
This very same entry should be printed when calling 'xauth list $DISPLAY'
which is currently not the case.
I can repost the patches here, but I've done so twice already
so they can easily be found in the July and August archives.
Cheers,
Egbert.
More information about the xorg-devel
mailing list