Tag forwarded X11 connection as remote
michel at daenzer.net
Fri Oct 6 07:40:31 UTC 2017
On 05/10/17 07:47 PM, Damien Miller wrote:
> On Wed, 4 Oct 2017, Michal Srb wrote:
>> On Wednesday 4 October 2017 5:53:15 CEST Damien Miller wrote:
>>> On Mon, 2 Oct 2017, Michal Srb wrote:
>>>> SSH only needs to change the first byte sent from X client to server
>>>> to mark it as remote. SSH already modifies the whole first message
>>>> (replaces authorization data), so changing the first byte is easy.
>>>> I have attached a patch that implements it. Please check it and consider
>>>> adding it or something similar to openssh.
>>> Thanks - is this flag fully backwards-compatible? Is there a chance it
>>> could cause problems on older X11 implementations? IMO most of the people
>>> using X11 forwarding are likely using it to/from older systems.
>> It is not fully backward compatible. An older X server that does not understand
>> the 'R'/'r' flag will reject the client. The commit that added support for the
>> flag is from 2011. It seems that the first time it appeared in a release was in
>> version 1.14.0, which was in March 2013.
>> In addition, the potential incompatibility is only between the SSH client and
>> the X server. They are normally both running on the same machine. So in a normal
>> scenario an issue would only happen if you would install a pre-1.14.0 X
>> server and the newest SSH client *on the same machine*. The remote side where SSH
>> server and X applications run can have any versions, it does not affect them.
> Well that's a bit reassuring, since if it was the converse (new SSH, old X11
> clients) then that would be more problematic.
> Is it too late to make the DRI3 developers adjust their protocol to degrade
I'm afraid so; moreover, the fundamental issue is that DRI3 relies on
passing file descriptors over the display connection, and IIRC
attempting that over SSH just results in the connection hanging. Is
there any way to detect that passing file descriptors doesn't work?
FWIW, xserver >= 1.18.4 detects SSH connections via the client's process
name, treats them as remote and doesn't expose DRI3 on them.
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Mesa and X developer
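
The first-byte tagging discussed in this thread, as an added example (not the patch attached to the thread and not OpenSSH or X server code). It assumes the X11 core protocol setup layout (12-byte fixed header with the two authorization lengths at offsets 6 and 8) and that 'B' maps to 'R' and 'l' to 'r'; `x11_tag_remote` and the result codes are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

enum { X11_TAG_OK = 0, X11_TAG_NEED_MORE = 1, X11_TAG_BAD = -1 }; /* hypothetical codes */

#define X11_SETUP_FIXED 12  /* fixed part of the X11 connection setup request */

static size_t rd16(const unsigned char *p, int msb_first)
{
    return msb_first ? ((size_t)p[0] << 8) | p[1] : ((size_t)p[1] << 8) | p[0];
}

static size_t pad4(size_t n) { return (n + 3) & ~(size_t)3; }

/*
 * Tag a buffered setup request as remote. Assumed mapping: 'B' -> 'R'
 * (MSB first), 'l' -> 'r' (LSB first). The byte is only touched once the
 * whole request (header + padded auth name + padded auth data) is present.
 */
int x11_tag_remote(unsigned char *buf, size_t len, size_t *setup_len)
{
    int msb_first;
    size_t total;
    if (len < X11_SETUP_FIXED)
        return X11_TAG_NEED_MORE;
    if (buf[0] == 'B' || buf[0] == 'R')
        msb_first = 1;
    else if (buf[0] == 'l' || buf[0] == 'r')
        msb_first = 0;
    else
        return X11_TAG_BAD;          /* not an X11 setup request */
    total = X11_SETUP_FIXED + pad4(rd16(buf + 6, msb_first))
                            + pad4(rd16(buf + 8, msb_first));
    if (len < total)
        return X11_TAG_NEED_MORE;    /* keep buffering, leave the byte as is */
    buf[0] = msb_first ? 'R' : 'r';
    *setup_len = total;
    return X11_TAG_OK;
}

int main(void)
{
    /* Constructed sample: LSB-first client, protocol 11.0, 18-byte name, 16-byte data. */
    unsigned char req[48] = { 'l', 0, 11, 0, 0, 0, 18, 0, 16, 0, 0, 0 };
    size_t n = 0;
    int rc = x11_tag_remote(req, sizeof(req), &n);
    printf("rc=%d first=%c setup_len=%zu\n", rc, req[0], n);
    return 0;
}
```

Per the thread, an X server older than 1.14.0 rejects a client whose first byte is 'R' or 'r', so a forwarder doing this would need a way to turn the tagging off.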