Displaying 2 results from an estimated 2 matches for "008636".
2015 Jun 26
3
ssh -X versus -Y
...o
trusted authentication after 20 minutes:
Add X11ForwardTimeout option to specify timeout for untrusted
X11 authentication cookies to avoid fallback in X11 code to
fully-trusted implicit authentication using SO_PEERCRED described
at: http://lists.x.org/archives/xorg-devel/2010-May/008636.html
After the X11ForwardTimeout has expired the client will now
refuse incoming X11 channel opens.
I will need to see if this is an unpatched security issue on
CentOS/RedHat 6. If so, I claim credit for observing it as a
possibility.
Stuart
--
I've never been lost; I was once bewi...
2010 Jun 20
6
[Bug 1785] New: configurable timeout for x11 cookies
...popular Linux distributions (like redhat), x11 access
control is performed using SO_PEERCRED credentials, this breaks ssh -X,
as once the untrusted cookie expires, the untrusted connection becomes
trusted.
I posted about this to the Xorg devel list.
http://lists.x.org/archives/xorg-devel/2010-May/008636.html
I don't think openssh is to blame, but it would be great if a
workaround was available. Because X will prefer the authentication data
ssh sends before the fallback, perhaps providing an option to make sure
it doesn't expire while the connection exists is a reasonable
workaround?
Patc...