Hello,
l...@gnu.org (Ludovic Courtès) writes:
[...]
> I believe this is a bug in lshd fixed by something along the lines of
> the attached patch.
>
> Niels, what do you think?
>
> (Strangely I can’t find equivalent code in OpenSSH.)
>
> Thanks,
> Ludo’.
>
> --- /tmp/lsh-2.1/src/server_x11.c 2016-08-01 11:58:54.714647794 +0200
> +++ /tmp/lsh-2.1/src/server_x11.c.new 2016-08-01 11:58:46.606563478 +0200
> @@ -151,7 +151,7 @@ DEFINE_COMMAND(open_forwarded_x11)
> #define X11_MIN_DISPLAY 10
> #define X11_MAX_DISPLAY 1000
>
> -/* FIXME: Create the /tmp/.X11-unix directory, if needed. Figure out
> +/* FIXME: Figure out
> * if and how we should use /tmp/.X17-lock. Consider using display
> * "unix:17" instead of just ":17".
> */
> @@ -253,6 +253,7 @@ open_x11_socket(struct ssh_channel *chan
>
> old_umask = umask(0077);
>
> + mkdir(X11_SOCKET_DIR, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
> old_cd = lsh_pushd(X11_SOCKET_DIR, &dir, 0, 0);
> if (old_cd < 0)
> {
I tried the above fix and ran a VM with the attached config (the custom
kernel stuff was to try something else at the same time). It fixes the
error about the directory, but it would still fail at X11 forwarding
(there was an error message: "Can't find any xauth information for X11
display").
I ended up figuring out it needed libxau to work; combined with your
patch, this fixes X11 forwarding.
Fixed in commit 0ec195ff02.
For the record, I've done the tests in a VM using the attached system
config. The custom kernel stuff is unrelated.
Thanks,
Closing,
Maxim
(use-modules (gnu))
(use-service-modules networking ssh desktop)
(use-package-modules
admin
disk
aspell
gettext
ghostscript ;; gs-fonts
fonts ;; font-dejavu font-gnu-freefont-ttf
base
ssh rsync wget screen
version-control
emacs
emacs-xyz
xorg
xdisorg
certs)
(define make-linux-libre (@@ (gnu packages linux) make-linux-libre))
(define-public %linux-kernel-with-fault-injection
(make-linux-libre "5.8.13" ;version
"1wm8rsq53dd01wjnd4bz61daz9f7zm55sh1dssmpqwgdwh3cpshp" ;hash
'("x86_64-linux") ;supported systems
#:configuration-file (@@ (gnu packages linux) kernel-config)
#:extra-version "with-fault-injection"
#:extra-options (append (@@ (gnu packages linux)
%default-extra-linux-options)
`(("CONFIG_FAULT_INJECTION" . #t)
("CONFIG_FAIL_MAKE_REQUEST" . #t)
("CONFIG_FAIL_MMC_REQUEST" . #t)
("CONFIG_FAULT_INJECTION_DEBUG_FS" . #t)))
#:patches '()))
(operating-system
(host-name "g1")
(timezone "America/New_York")
(locale "en_US.utf8")
(bootloader (grub-configuration (target "/dev/sda")))
(file-systems (cons (file-system
(device "g1sd")
(mount-point "/")
(type "ext4"))
%base-file-systems))
(kernel %linux-kernel-with-fault-injection)
(users (cons* (user-account
(name "test")
(group "users")
(supplementary-groups '("wheel"))
(home-directory "/home/test"))
%base-user-accounts))
(packages
(cons*
glibc-utf8-locales
parted
gs-fonts font-dejavu font-gnu-freefont-ttf
gnu-make
openssh nss-certs rsync wget git
screen
emacs
xauth ;used by lsh
xeyes ;for testing
%base-packages))
(services (cons* (lsh-service #:port-number 22
#:allow-empty-passwords? #t
#:root-login? #t)
(service dhcp-client-service-type)
%base-services)))
