[PATCH xserver] os: Treat ssh as a non-local client (v3)
Martin Peres
martin.peres at linux.intel.com
Wed Jan 13 01:57:57 PST 2016
On 13/01/16 03:59, Michel Dänzer wrote:
> On 13.01.2016 03:43, Adam Jackson wrote:
>> On Thu, 2015-12-17 at 16:41 +0900, Michel Dänzer wrote:
>>> From: Adam Jackson <ajax at redhat.com>
>>>
>>> By the time we get to ComputeLocalClient, we've already done
>>> NextAvailableClient → ReserveClientIds → DetermineClientCmd (assuming
>>> we're built with #define CLIENTIDS), so we can look up the name of the
>>> client process and refuse to treat ssh's X forwarding as if it were
>>> local.
>>>
>>> v2: (Michel Dänzer)
>>> * Only match "ssh" itself, not other executable names starting with
>>> that prefix.
>>> * Ignore executable path for the match.
>>> v3: (Michel Dänzer)
>>> * Use GetClientCmdName (Mark Kettenis)
>>> * Perform check on Windows as well, but only ignore path on Cygwin
>>> (Martin Peres, Emil Velikov, Jon Turney)
>>
>> But this doesn't work reliably, which is why I used strncmp in the
>> first place. See my original test report:
>>
>> http://lists.freedesktop.org/archives/xorg-devel/2015-December/048164.html
>
> I somehow missed that before, sorry.
>
> Looks like this could be addressed by cutting of the colon and anything
> after it using something like strtok(_r)?
>
>
>> Note that cmdname is not always "ssh".
>
> Indeed, that's one of the points which prompted my changes. E.g. it can
> contain the executable path, which is stripped off with basename. That
> might not work too well either with your example above without cutting
> off at the colon.
>
>
>> Are we honestly concerned that some client's name is prefixed with
>> "ssh" and _isn't_ ssh or something acting like it?
>
> That seems quite plausible. Debian is already shipping many more
> executables starting with "ssh", that number will probably only increase
> with time. Maybe none of them need DRI2/3 yet, but we shouldn't lightly
> rely on that being the case for any future ones.
How about we also add a message in the logs to say that we treat this
client as non-local? That seems to be a good idea, especially when we
could have false positives.
More information about the xorg-devel
mailing list