openssh unix dev - Nov 1999 - openssh & XEmacs gnuclient issue

In switching to openssh from ssh-1.2.27, I have encountered the
following problem with the way openssh handles its XAUTHORITY files
separately from ~/.Xauthority.

XEmacs has a gnuserv process that runs and allows commands to be
issued to a remote XEmacs process.  The trouble is when the command is
to make a new frame ( window ) on a different X display, it fails
because the Xauth cookie is not in .Xauthority and the user's process
on the remote machine is not.  I think XEmacs is one of the few
programs in common use to handle multiple displays.

What advantage is it to separate the ssh cookie into a separate file
aside from making it easier to nuke cookies when closing a connection?

Would it be possible to switch to use the user's ~/.Xauthority?

Cheers,
Chris
-- 
Chris Green <sprout at dok.org> <grapeape at uab.edu>
Logic, my dear Zoe, merely enables one to be wrong with authority.
                - Doctor Who, "The Wheel in Space"

On 26 Nov 1999, Chris Green wrote:
> The trouble is when the command is to make a new frame ( window ) on a
> different X display, it fails because the Xauth cookie is not in
> .Xauthority and the user's process on the remote machine is not.
it doesn't honor the XAUTHORITY environment variable? hrm. :-/
> What advantage is it to separate the ssh cookie into a separate file
> aside from making it easier to nuke cookies when closing a connection?
specifically, it protects the file's contents when the user's home
directory is in NFS, or AFS. by using a local file, it prevents passive
network sniffing of the Xauth credentials - see Ulrich Flegel's paper on
SSH X11 vulnerabilities for details:

	http://rootshell.connectnet.com/docs/ssh-x11.ps.gz

-d.

---
http://www.monkey.org/~dugsong/