On Mon, 22 Mar 2004, Peter Breitenlohner wrote:
It seems that originally there were plans to have two distinct sockets that were abandonned in the middle. Maybe that ought to be cleaned up (fairly trivial mods in xdmcp.c, just excise chooserFd6).
Since Alan Coopersmith originally implemented this on Solaris, which can handle both IPv6 and IPv4 on the same socket, there was initially only one socket.
As you might know, IPv4 addresses mapped in IPv6 are considered by a potential security problem and are disabled by default in some of the *BSD systems. (I can't repost the link to Itojun's papers on this later). For now IPv6 support for xdmcp is disabled on the hosts that don't support mapped v4 addresses.
I started to implement something with 2 sockets for xdmcp, but it turned out to be too much modifications for the XFree86 code freeze (which lasted longer than I expected).
It is possible that some of the ChooserFd6 code present here splipped through some of my other fixes for xdm.
I think it would be better to keep the chooserFd's separate, i.e. change socket.c. My reasoning is that some systems don't allow IPv4 traffic with an IPv6 socket, i.e. IPv6 is treated as a seperate protocol, rather than a "superset" of IPv4.
Yes I think that too. But the changes to the control flow of xdm are pretty invasive to support that. It's on my todo list for the next weeks when (hopefully) I'll have some more time to spend on X hacking.
Another issue is that the XDM-AUTHORIZATION-1 protocol cannot support. A new revision XDM-AUTHORIZATION-2 has been designed by X.Org but no one has implemented it yet. Althrough XDM-AUTHORIZATION-1 is not built by default by XFree86, it provides some enhancements to the security of remote X connections.
--
Matthieu
_______________________________________________
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
