https://bugzilla.mindrot.org/show_bug.cgi?id=2143
Bill McGonigle <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bill-bugzilla.mindrot.org@b | |fccomputing.com --- Comment #8 from Bill McGonigle <[email protected]> --- I ran into this on a current Debian machine with ipv6.disable=1 on the kernel command line (completely disables IPv6 at boot time). When searching for: X11 forwarding request failed on channel 0 I came across many articles/stackexchanges offering advice for fixing this, basically all saying to set: X11UseLocalhost no Since everything works after setting it, it seems like "the fix" to people who implement it. Being naturally paranoid, I read the man page, and, horrified, I went looking further. I found: AddressFamily inet which works properly for this machine, though it should be noted that none of the other daemons running on it fail functionality with IPv6 disabled. My concern is that by not addressing this problem, many users are configuring their machines insecurely. I see there are some security concerns noted above if this isn't fixed correctly, but it needs to be pointed out that not fixing it also has security concerns on an ecosystem level. Are there any concrete security objections to either of the proposed patches? SuSE appears to be carrying Andrev's patch. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
