From owner-freebsd-current@FreeBSD.ORG  Tue Mar  2 18:46:38 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4CF5416A4CE
	for <freebsd-current@freebsd.org>;
	Tue,  2 Mar 2004 18:46:38 -0800 (PST)
Received: from mail-in-05.arcor-online.net (mail-in-05.arcor-online.net
	[151.189.21.45])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7C54A43D31
	for <freebsd-current@freebsd.org>;
	Tue,  2 Mar 2004 18:46:35 -0800 (PST)
	(envelope-from mailnull@mips.inka.de)
Received: from kemoauc.mips.inka.de (dsl-213-023-058-017.arcor-ip.net
	[213.23.58.17])
	by mail-in-05.arcor-online.net (Postfix) with ESMTP id B35D17B6C13
	for <freebsd-current@freebsd.org>;
	Wed,  3 Mar 2004 03:46:34 +0100 (CET)
Received: from kemoauc.mips.inka.de (localhost [127.0.0.1])
	i232kYhw049096	for <freebsd-current@freebsd.org>;
	Wed, 3 Mar 2004 03:46:34 +0100 (CET)
	(envelope-from mailnull@kemoauc.mips.inka.de)
Received: (from mailnull@localhost)
	by kemoauc.mips.inka.de (8.12.10/8.12.10/Submit) id i232kXDn049095
	for freebsd-current@freebsd.org; Wed, 3 Mar 2004 03:46:33 +0100 (CET)
	(envelope-from mailnull)
From: naddy@mips.inka.de (Christian Weisgerber)
Date: Wed, 3 Mar 2004 02:46:33 +0000 (UTC)
Message-ID: <c23gu9$1fm4$1@kemoauc.mips.inka.de>
References: <20040303004157.9F9F65D07@ptavv.es.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15
Content-Transfer-Encoding: 8bit
Originator: naddy@mips.inka.de (Christian Weisgerber)
To: freebsd-current@freebsd.org
Subject: Re: Breakage in X11 over ssh tunnel
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Mar 2004 02:46:38 -0000

Kevin Oberman <oberman@es.net> wrote:

> In all of my system running current that are newer than 2/26/04 I am
> unable to run X applications over an SSH tunnel. I get a variety of
> errors, most pretty non-sensical, when I try. The tunnels are from
> stable systems to current system from yesterday or today.

OpenSSH's X11 forwarding now defaults to providing untrusted client
access, which prevents the X11 clients from performing some operations.
Alas, many X11 programs (or the toolkits they're based on, e.g GTK1)
rely on trusted privileges and fail if these aren't available.

You can enabled trusted X11 forwarding with ssh's -Y switch or the
ForwardX11Trusted configuration option.  Note that this poses a
security risk if the host where the X11 client runs is under somebody
else's control or has been compromised.

-- 
Christian "naddy" Weisgerber                          naddy@mips.inka.de