Currently, openssh-2.9p2 adds cookies to a user's .Xauthority file if X11 forwarding is requested but does not delete them while closing down the connection. While this may not necessarily be a security vulnerability, it's a good idea for the application to clean up appropriately. This patch takes care of removing the X forwarding cookies from the user's .Xauthority file. Please consider integrating this into the OpenSSH code. Thanks. -Alok

diff -w -c openssh-2.9p2/session.c modified/session.c *** 1950,1955 **** --- 1565,1590 ---- void session_close(Session *s) { + char cmd[1024]; + FILE *f = NULL; + int xauth_present = s->auth_proto != NULL && s->auth_data != NULL; + + memset(cmd, 0, sizeof (cmd)); + + if (xauth_present && options.xauth_location != NULL) { + debug("Running %.100s remove %.100s", + options.xauth_location, s->display); + temporarily_use_uid(s->pw->pw_uid); + snprintf(cmd, sizeof (cmd), "%s -q -", + options.xauth_location); + f = popen(cmd, "w"); + if (f) { + fprintf(f, "remove %s\n", s->display); + pclose(f); + } else { + fprintf(stderr, "Could not run %s\n", cmd); + } + restore_uid(); + } session_pty_cleanup(s); session_free(s); session_proctitle(s); ***************
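Review bot: the privilege handling around `popen()` in the new block in `session_close()` is the main concern. `temporarily_use_uid(s->pw->pw_uid)` only switches the effective uid/gid of the still-privileged sshd process, so the `/bin/sh` that `popen(cmd, "w")` spawns, and the `xauth` it execs, inherit a mixed credential state (real and saved uid remain sshd's) rather than running as a fully unprivileged user process. Cleaning up the cookie should happen where the cookie was added, in the unprivileged per-session path, or via an explicit `fork()` that calls `permanently_set_uid()` (or an equivalent full uid/gid drop) in the child before `exec`ing `options.xauth_location`, instead of `popen()` under a temporary uid switch. Two smaller points in the same hunk: the failure branch uses `fprintf(stderr, "Could not run %s\n", cmd)`, but sshd's stderr is not a reliable log sink, so this should go through the logging interface the same hunk already uses (`debug()`, or `error()` for a failure), and the return value of `pclose(f)` is discarded, so a failed `xauth remove` is silently ignored; check it and log the exit status. The `memset(cmd, 0, sizeof (cmd))` is redundant, since `snprintf()` always NUL-terminates `cmd`.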