Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 162920 - xinerama breaks untrusted remote X11 clients via ssh forwarding
Summary: xinerama breaks untrusted remote X11 clients via ssh forwarding
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11
Version: 4
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: X/OpenGL Maintenance List
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-11 17:27 UTC by long
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-12 10:38:02 UTC


Attachments (Terms of Use)

Description long 2005-07-11 17:27:44 UTC
Description of problem:


Using an ATI Radeon X300 with two monitors connected.  If I do NOT enable
xinerama then all of my remote X11 clients that are forwarded via ssh work
normally.  If I enable xinerama then all of my remote X11 clients fail, most of
the time they appear to hang.  If I use 'ssh -Y' to connect to the remote
system(s) then the X11 clients work normally again.  So I'm not sure if this is
a bug or by design.  Here is my xorg.conf:

# Xorg configuration created by system-config-display

Section "ServerLayout"
	Identifier     "Multihead layout"
	Screen      0  "Screen0" RightOf "Screen1"
	Screen      1  "Screen1" 0 0
	InputDevice    "Mouse0" "CorePointer"
	InputDevice    "Keyboard0" "CoreKeyboard"
	Option	    "Xinerama" "on"
	Option	    "Clone" "off"
EndSection

Section "Files"
	RgbPath      "/usr/X11R6/lib/X11/rgb"
	ModulePath   "/usr/X11R6/lib/modules"
	FontPath     "unix/:7100"
#	FontPath     "/usr/X11R6/lib/X11/fonts/misc/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/TTF/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/Type1/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/CID/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/75dpi/"
#	FontPath     "/usr/X11R6/lib/X11/fonts/100dpi/"
EndSection

Section "Module"
	Load  "record"
	Load  "extmod"
	Load  "fbdevhw"
	Load  "vnc"
	Load  "xtrap"
	Load  "dbe"
	Load  "glx"
	Load  "type1"
	Load  "freetype"
	Load  "dri"
EndSection

Section "InputDevice"
	Identifier  "Keyboard0"
	Driver      "kbd"
EndSection

Section "InputDevice"

#	Option	    "Protocol" "auto"
	Identifier  "Mouse0"
	Driver      "mouse"
	Option	    "Protocol" "IMPS/2"
#	Option	    "Device" "/dev/mouse"
	Option	    "Device" "/dev/input/mice"
        Option      "ZAxisMapping" "4 5"
EndSection

Section "Monitor"

	#DisplaySize	  410   310	# mm
	Identifier   "Monitor0"
	VendorName   "DEL"
	ModelName    "DELL 2001FP"
	HorizSync    31.0 - 80.0
	VertRefresh  56.0 - 76.0
	Option	    "DPMS"
EndSection

Section "Monitor"
	Identifier   "Monitor1"
	VendorName   "Monitor Vendor"
	ModelName    "Dell P991"
	HorizSync    30.0 - 107.0
	VertRefresh  48.0 - 120.0
	Option	    "dpms"
EndSection

Section "Device"

        ### Available Driver options are:-
        ### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
        ### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
        ### [arg]: arg optional
        #Option     "NoAccel"            	# [<bool>]
        #Option     "SWcursor"           	# [<bool>]
        #Option     "Dac6Bit"            	# [<bool>]
        #Option     "Dac8Bit"            	# [<bool>]
        #Option     "BusType"            	# [<str>]
        #Option     "CPPIOMode"          	# [<bool>]
        #Option     "CPusecTimeout"      	# <i>
        #Option     "AGPMode"            	# <i>
        #Option     "AGPFastWrite"       	# [<bool>]
        #Option     "AGPSize"            	# <i>
        #Option     "GARTSize"           	# <i>
        #Option     "RingSize"           	# <i>
        #Option     "BufferSize"         	# <i>
        #Option     "EnableDepthMoves"   	# [<bool>]
        #Option     "EnablePageFlip"     	# [<bool>]
        #Option     "NoBackBuffer"       	# [<bool>]
        #Option     "PanelOff"           	# [<bool>]
        #Option     "DDCMode"            	# [<bool>]
        #Option     "MonitorLayout"      	# [<str>]
        #Option     "IgnoreEDID"         	# [<bool>]
        #Option     "UseFBDev"           	# [<bool>]
        #Option     "VideoKey"           	# <i>
        #Option     "MergedFB"           	# [<bool>]
        #Option     "CRT2HSync"          	# [<str>]
        #Option     "CRT2VRefresh"       	# [<str>]
        #Option     "CRT2Position"       	# [<str>]
        #Option     "MetaModes"          	# [<str>]
        #Option     "MergedDPI"          	# [<str>]
        #Option     "NoMergedXinerama"   	# [<bool>]
        #Option     "MergedXineramaCRT2IsScreen0" 	# [<bool>]
        #Option     "DisplayPriority"    	# [<str>]
        #Option     "PanelSize"          	# [<str>]
        #Option     "ForceMinDotClock"   	# <freq>
        #Option     "RenderAccel"        	# [<bool>]
        #Option     "SubPixelOrder"      	# [<str>]
        #Option     "ShowCache"          	# [<bool>]
        #Option     "DynamicClocks"      	# [<bool>]
	Identifier  "Card0"
	Driver      "radeon"
	VendorName  "ATI Technologies Inc"
	BoardName   "ATI Radeon X300"
	BusID       "PCI:1:0:0"
	Option      "NoMergedXinerama" "true"
EndSection

Section "Device"
	Identifier  "Videocard1"
	Driver      "radeon"
	VendorName  "Videocard Vendor"
	BoardName   "ATI Radeon X300"
	BusID       "PCI:1:0:0"
	Screen      1
	Option      "NoMergedXinerama" "true"
EndSection

Section "Screen"
	Identifier "Screen0"
	Device     "Card0"
	Monitor    "Monitor0"
	DefaultDepth     24
	SubSection "Display"
		Viewport   0 0
		Depth     1
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     4
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     8
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     15
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     16
	EndSubSection
	SubSection "Display"
		Viewport   0 0
		Depth     24
		Modes    "1600x1200" "1400x1050" "1280x960" "1280x800" "1280x1024" "1152x864"
"1024x768" "800x600" "640x480"
	EndSubSection
EndSection

Section "Screen"
	Identifier "Screen1"
	Device     "Videocard1"
	Monitor    "Monitor1"
	DefaultDepth     24
	SubSection "Display"
		Viewport   0 0
		Depth     24
		Modes    "1600x1200"
	EndSubSection
EndSection

Here's what I have for forwarding in my /etc/ssh/ssh_config:

        ForwardX11 yes

Version-Release number of selected component (if applicable):

xorg-x11-6.8.2-37

How reproducible:

Every time.

Steps to Reproduce:
1. Use the xorg.conf from above.
2. ssh remotemachine
3. run xclock
  
Actual results:

xclock hangs, no output, nothing displaying on my displays, nothing.

Expected results:

xclock should run, just as it does when I'm NOT using xinerama.

Additional info:

Comment 1 Mike A. Harris 2005-07-12 10:38:02 UTC
ssh X11 forwarding is disabled by default in openssh in Fedora Core 4, and
Fedora Core 3 with all updates applied.  The openssh project changed the
defaults of ssh to forward only trusted clients by default which breaks
pretty much every application out there and is not a sensible default.

Since this change was made for security reasons by the openssh project,
we changed the default in our openssh packages to be "no X11 forwarding
at all" by default in order to keep a sane default security policy, but
not confuse users into thinking X11 forwarding should work.

In order to have working ssh forwarding, you must invoke ssh with -Y
always, or reconfigure your ssh server or clients to re-enable full
X11 forwarding.

The reason this only fails when you use Xinerama, is that an untrusted
code path exists under Xinerama which does not exist without it.

Setting bug status to "NOTABUG"


Note You need to log in before you can comment on or make changes to this bug.