Bug#874096: xorg: X server SECURITY extension should be enabled

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#874096: xorg: X server SECURITY extension should be enabled
From: "root" <ch4r@riseup.net>
Date: Sun, 03 Sep 2017 06:24:29 +0000
Message-id: <[🔎] 150441986902.32508.13683666288408224988.reportbug@riseup.net>
Reply-to: "root" <ch4r@riseup.net>, 874096@bugs.debian.org

Source: xorg
Severity: normal

Dear Maintainer,

it seems that the X server SECURITY extension is not enabled / supported
by default. This extension is necessary for clients connecting via ssh
-X to a server, i.e. via untrusted ssh X forwarding.

While debian patches ssh to disable untrusted ssh X forwarding (i.e. ssh
-X is equivalent to ssh -Y), this is not true for all other
distributions. This results in X forwarding to fail when connecting from
a machine that uses the unpatched / upstream ssh client.

The SECURITY extension can be enabled via the --enable-xcsecurity build
flag.

See also https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221984


-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (1000, 'stable'), (990, 'stable')
Architecture: amd64 (x86_64)

Locale: LANG=en_US.UTF-8, LC_CTYPE=zh_CN.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Reply to:

Follow-Ups:
- Bug#874096: marked as done (xorg: X server SECURITY extension should be enabled)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: apitrace is marked for autoremoval from testing
Next by Date: Re: Aw: Re: libglx0
Previous by thread: apitrace is marked for autoremoval from testing
Next by thread: Bug#874096: marked as done (xorg: X server SECURITY extension should be enabled)
Index(es):
- Date
- Thread