This is the mail archive of the cygwin-xfree@cygwin.com mailing list for the Cygwin XFree86 project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Mozilla firefox over ssh: Gdk-ERROR **: BadDrawable/BadAccess

Alexander Gottwald <alexander.gottwald@s1999.tu-chemnitz.de> writes:

>On Thu, 22 Apr 2004 fstx@algorithmica.se wrote:
>
>> What is the difference between "X11 forwarding" and "trusted X11 forwarding"?
>> 
>> Why did the compatible X11 forwarding break?
>> 
>> Why is it necessary to have a separate user interface? That is, why can't
>> -X mean "Use trusted X11 forwarding if available, otherwise use 
>> compatible X11 forwarding"
>
>-Y means use trusted forwarding
>-X means use untrusted forwarding
>
>the trusted means the X11 client has no access restrictions while a client in
>untrusted mode has some access restrictions which result in some errors 
>which actually mean "access denied"

Yes, I looked at the release notes and man pages for OpenSSH, and they
choose to break backwards compatibility in the name of security. That
is the right choice, of course, unless...

the users reaction is to restore the previous situation.  Note that the
Cygwin-X docs only mentions -X for older version of ssh, thus
advising users to disable the new security feature.

The real question here is why the X11 SECURITY extension disallows 
some of the operations that Mozilla wants to do. Are they really 
unsafe, or is the security specification overly restrictive?
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]