Has anybody else experienced weird X11 forwarding problems such as the one below: andreas at teste10:~> x3270 X Error of failed request: BadWindow (invalid Window parameter) Major opcode of failed request: 3 (X_GetWindowAttributes) Resource id in failed request: 0x404372 Serial number of failed request: 833 Current serial number in output stream: 834 or andreas at teste10:~> gq Gdk-ERROR **: BadWindow (invalid Window parameter) serial 737 error_code 3 request_code 38 minor_code 0 Gdk-ERROR **: BadAccess (attempt to access private resource denied) serial 738 error_code 10 request_code 102 minor_code 0 The application opens, but crashes with this error when I open a menu. Without ssh (that is, using export DISPLAY=mymachine:0), it works. My XFree86 version is 4.4.0, and openssh is 3.8p1. Trying from older XFree86 and openssh, it works. I couldn't isolate it yet, whether the problem is with X or openssh (or something else).
* Andreas [2004-03-19 14:54:32 -0300]:> Has anybody else experienced weird X11 forwarding problems such > as the one below:Yes. The problem is that OpenSSH 3.8 is trying to pioneer the use of the X11 SECURITY extension, which has existed since 1996 but obviously not received enough debugging attention so far.> andreas at teste10:~> x3270 > X Error of failed request: BadWindow (invalid Window parameter) > Major opcode of failed request: 3 (X_GetWindowAttributes) > Resource id in failed request: 0x404372What's that window x3270 is trying to get the attributes of? (xwininfo might help.) Then either patch x3270 not to need this lookup, or launch the ssh client with ForwardX11Trusted=yes. If the opcode had been one of the X_*Property ones, you would have had the option of allowing (or silently ignoring) the access attempt in the SecurityPolicy file of your X server configuration. But I'm afraid that X_GetWindowAttributes restrictions are hardwired (in the X server implementations I have access to). There may be very good design reasons for hardwiring them, too. Advice: for the sake of ordinary users, set ForwardX11Trusted yes in ssh_config. As a developer, you can turn it off in your ~/.ssh/config, study what breaks, and try to help the maintainers of the affected applications improve their SECURITY-compatibility so that maybe someday we'll all be able to turn ForwardX11Trusted back off.
Andreas wrote:> Has anybody else experienced weird X11 forwarding problems such > as the one below: > > andreas at teste10:~> x3270 > X Error of failed request: BadWindow (invalid Window parameter) > Major opcode of failed request: 3 (X_GetWindowAttributes) > Resource id in failed request: 0x404372 > Serial number of failed request: 833 > Current serial number in output stream: 834As of OpenSSH 3.8, X forwarding by default uses the XSECURITY extension to limit access to the client's X server. You can disable this using the ForwardX11Trusted option or you can adjust the server's policy (/etc/X11/xserver/SecurityPolicy for XFree) -d