X11 Server (Quartz 1.20.4) not having security extensions

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

X11 Server (Quartz 1.20.4) not having security extensions

Christoph Kukulies
I found that

ssh -X user@remote_host 


doesn’t do X-forwarding, and that is - I’m told - because the X11 server (XQuartz 1.20.4 (xorg-server 1.20.4) doesn’t have security extensions.


$ xdpyinfo -queryExtensions

name of display:    /private/tmp/com.apple.launchd.NM3gWpA6AH/org.macports:0
version number:    11.0
vendor string:    The X.Org Foundation
vendor release number:    12004000
X.Org version: 1.20.4
maximum request size:  16777212 bytes
motion buffer size:  256
bitmap unit, bit order, padding:    32, LSBFirst, 32
image byte order:    LSBFirst
number of supported pixmap formats:    7
supported pixmap formats:
   depth 1, bits_per_pixel 1, scanline_pad 32
   depth 4, bits_per_pixel 8, scanline_pad 32
   depth 8, bits_per_pixel 8, scanline_pad 32
   depth 15, bits_per_pixel 16, scanline_pad 32
   depth 16, bits_per_pixel 16, scanline_pad 32
   depth 24, bits_per_pixel 32, scanline_pad 32
   depth 32, bits_per_pixel 32, scanline_pad 32
keycode range:    minimum 8, maximum 255
focus:  None
number of extensions:    21
   Apple-DRI  (opcode: 128, base event: 64, base error: 128)
   Apple-WM  (opcode: 129, base event: 68, base error: 130)
   BIG-REQUESTS  (opcode: 134)
   DAMAGE  (opcode: 142, base event: 97, base error: 154)
   DOUBLE-BUFFER  (opcode: 144, base error: 155)
   GLX  (opcode: 148, base event: 101, base error: 159)
   Generic Event Extension  (opcode: 130)
   MIT-SCREEN-SAVER  (opcode: 143, base event: 98)
   MIT-SHM  (opcode: 132, base event: 72, base error: 132)
   Present  (opcode: 145)
   RANDR  (opcode: 141, base event: 95, base error: 149)
   RENDER  (opcode: 140, base error: 144)
   SHAPE  (opcode: 131, base event: 71)
   SYNC  (opcode: 135, base event: 90, base error: 138)
   X-Resource  (opcode: 146)
   XC-MISC  (opcode: 137)
   XFIXES  (opcode: 139, base event: 93, base error: 142)
   XINERAMA  (opcode: 138)
   XInputExtension  (opcode: 133, base event: 73, base error: 133)
   XKEYBOARD  (opcode: 136, base event: 92, base error: 141)
   XVideo  (opcode: 147, base event: 99, base error: 156)
default screen number:    0
number of screens:    1

screen #0:
 dimensions:    1680x1028 pixels (445x272 millimeters)
 resolution:    96x96 dots per inch
 depths (7):    24, 1, 4, 8, 15, 16, 32
 root window id:    0x111
 depth of root window:    24 planes
 number of colormaps:    minimum 1, maximum 1
 default colormap:    0x21
 default number of colormap cells:    256
 preallocated pixels:    black 0, white 16777215
 options:    backing-store NO, save-unders NO
 largest cursor:    32x32
 current input event mask:    0x1a0000
   StructureNotifyMask      SubstructureNotifyMask   SubstructureRedirectMask 
 number of visuals:    80
 default visual id:  0x22
 visual:
   visual id:    0x22
   class:    TrueColor
   depth:    24 planes
   available colormap entries:    256 per subfield
   red, green, blue masks:    0xff0000, 0xff00, 0xff
   significant bits in color specification:    8 bits



Is there a way to make the server having these extensions? Or are there reasons standing against this?



Christoph
Reply | Threaded
Open this post in threaded view
|

Re: X11 Server (Quartz 1.20.4) not having security extensions

Uli Wienands

Try ssh -Y ...

Uli

On 5/7/20 2:43 AM, Christoph Kukulies wrote:
I found that

ssh -X user@remote_host 


doesn’t do X-forwarding, and that is - I’m told - because the X11 server (XQuartz 1.20.4 (xorg-server 1.20.4) doesn’t have security extensions.


$ xdpyinfo -queryExtensions

name of display:    /private/tmp/com.apple.launchd.NM3gWpA6AH/org.macports:0
version number:    11.0
vendor string:    The X.Org Foundation
vendor release number:    12004000
X.Org version: 1.20.4
maximum request size:  16777212 bytes
motion buffer size:  256
bitmap unit, bit order, padding:    32, LSBFirst, 32
image byte order:    LSBFirst
number of supported pixmap formats:    7
supported pixmap formats:
   depth 1, bits_per_pixel 1, scanline_pad 32
   depth 4, bits_per_pixel 8, scanline_pad 32
   depth 8, bits_per_pixel 8, scanline_pad 32
   depth 15, bits_per_pixel 16, scanline_pad 32
   depth 16, bits_per_pixel 16, scanline_pad 32
   depth 24, bits_per_pixel 32, scanline_pad 32
   depth 32, bits_per_pixel 32, scanline_pad 32
keycode range:    minimum 8, maximum 255
focus:  None
number of extensions:    21
   Apple-DRI  (opcode: 128, base event: 64, base error: 128)
   Apple-WM  (opcode: 129, base event: 68, base error: 130)
   BIG-REQUESTS  (opcode: 134)
   DAMAGE  (opcode: 142, base event: 97, base error: 154)
   DOUBLE-BUFFER  (opcode: 144, base error: 155)
   GLX  (opcode: 148, base event: 101, base error: 159)
   Generic Event Extension  (opcode: 130)
   MIT-SCREEN-SAVER  (opcode: 143, base event: 98)
   MIT-SHM  (opcode: 132, base event: 72, base error: 132)
   Present  (opcode: 145)
   RANDR  (opcode: 141, base event: 95, base error: 149)
   RENDER  (opcode: 140, base error: 144)
   SHAPE  (opcode: 131, base event: 71)
   SYNC  (opcode: 135, base event: 90, base error: 138)
   X-Resource  (opcode: 146)
   XC-MISC  (opcode: 137)
   XFIXES  (opcode: 139, base event: 93, base error: 142)
   XINERAMA  (opcode: 138)
   XInputExtension  (opcode: 133, base event: 73, base error: 133)
   XKEYBOARD  (opcode: 136, base event: 92, base error: 141)
   XVideo  (opcode: 147, base event: 99, base error: 156)
default screen number:    0
number of screens:    1

screen #0:
 dimensions:    1680x1028 pixels (445x272 millimeters)
 resolution:    96x96 dots per inch
 depths (7):    24, 1, 4, 8, 15, 16, 32
 root window id:    0x111
 depth of root window:    24 planes
 number of colormaps:    minimum 1, maximum 1
 default colormap:    0x21
 default number of colormap cells:    256
 preallocated pixels:    black 0, white 16777215
 options:    backing-store NO, save-unders NO
 largest cursor:    32x32
 current input event mask:    0x1a0000
   StructureNotifyMask      SubstructureNotifyMask   SubstructureRedirectMask 
 number of visuals:    80
 default visual id:  0x22
 visual:
   visual id:    0x22
   class:    TrueColor
   depth:    24 planes
   available colormap entries:    256 per subfield
   red, green, blue masks:    0xff0000, 0xff00, 0xff
   significant bits in color specification:    8 bits



Is there a way to make the server having these extensions? Or are there reasons standing against this?



Christoph
Reply | Threaded
Open this post in threaded view
|

Re: X11 Server (Quartz 1.20.4) not having security extensions

Christoph Kukulies
That’s not the issue. I know that. My question see below (I’ll cite):

"Is there a way to make the server having these extensions? Or are there reasons standing against this?"

Christoph


Am 07.05.2020 um 15:53 schrieb Uli Wienands <[hidden email]>:

Try ssh -Y ...

Uli

On 5/7/20 2:43 AM, Christoph Kukulies wrote:
I found that

ssh -X user@remote_host 


doesn’t do X-forwarding, and that is - I’m told - because the X11 server (XQuartz 1.20.4 (xorg-server 1.20.4) doesn’t have security extensions.


$ xdpyinfo -queryExtensions

name of display:    /private/tmp/com.apple.launchd.NM3gWpA6AH/org.macports:0
version number:    11.0
vendor string:    The X.Org Foundation
vendor release number:    12004000
X.Org version: 1.20.4
maximum request size:  16777212 bytes
motion buffer size:  256
bitmap unit, bit order, padding:    32, LSBFirst, 32
image byte order:    LSBFirst
number of supported pixmap formats:    7
supported pixmap formats:
   depth 1, bits_per_pixel 1, scanline_pad 32
   depth 4, bits_per_pixel 8, scanline_pad 32
   depth 8, bits_per_pixel 8, scanline_pad 32
   depth 15, bits_per_pixel 16, scanline_pad 32
   depth 16, bits_per_pixel 16, scanline_pad 32
   depth 24, bits_per_pixel 32, scanline_pad 32
   depth 32, bits_per_pixel 32, scanline_pad 32
keycode range:    minimum 8, maximum 255
focus:  None
number of extensions:    21
   Apple-DRI  (opcode: 128, base event: 64, base error: 128)
   Apple-WM  (opcode: 129, base event: 68, base error: 130)
   BIG-REQUESTS  (opcode: 134)
   DAMAGE  (opcode: 142, base event: 97, base error: 154)
   DOUBLE-BUFFER  (opcode: 144, base error: 155)
   GLX  (opcode: 148, base event: 101, base error: 159)
   Generic Event Extension  (opcode: 130)
   MIT-SCREEN-SAVER  (opcode: 143, base event: 98)
   MIT-SHM  (opcode: 132, base event: 72, base error: 132)
   Present  (opcode: 145)
   RANDR  (opcode: 141, base event: 95, base error: 149)
   RENDER  (opcode: 140, base error: 144)
   SHAPE  (opcode: 131, base event: 71)
   SYNC  (opcode: 135, base event: 90, base error: 138)
   X-Resource  (opcode: 146)
   XC-MISC  (opcode: 137)
   XFIXES  (opcode: 139, base event: 93, base error: 142)
   XINERAMA  (opcode: 138)
   XInputExtension  (opcode: 133, base event: 73, base error: 133)
   XKEYBOARD  (opcode: 136, base event: 92, base error: 141)
   XVideo  (opcode: 147, base event: 99, base error: 156)
default screen number:    0
number of screens:    1

screen #0:
 dimensions:    1680x1028 pixels (445x272 millimeters)
 resolution:    96x96 dots per inch
 depths (7):    24, 1, 4, 8, 15, 16, 32
 root window id:    0x111
 depth of root window:    24 planes
 number of colormaps:    minimum 1, maximum 1
 default colormap:    0x21
 default number of colormap cells:    256
 preallocated pixels:    black 0, white 16777215
 options:    backing-store NO, save-unders NO
 largest cursor:    32x32
 current input event mask:    0x1a0000
   StructureNotifyMask      SubstructureNotifyMask   SubstructureRedirectMask 
 number of visuals:    80
 default visual id:  0x22
 visual:
   visual id:    0x22
   class:    TrueColor
   depth:    24 planes
   available colormap entries:    256 per subfield
   red, green, blue masks:    0xff0000, 0xff00, 0xff
   significant bits in color specification:    8 bits



Is there a way to make the server having these extensions? Or are there reasons standing against this?



Christoph

Reply | Threaded
Open this post in threaded view
|

Re: X11 Server (Quartz 1.20.4) not having security extensions

Christopher Jones
Hi,

I am not an expert on this, but my understanding is this was intentionally disabled by default by the Xorg server build system, when XACE was added. The MP port stays as close to the upstream defaults as it can.

That said, adding an optional variant to enable this, if the user wishes to, seems an option.


please give the update there a go and report back to the PR if it works for you.

Chris

On 7 May 2020, at 3:15 pm, Christoph Kukulies <[hidden email]> wrote:

That’s not the issue. I know that. My question see below (I’ll cite):

"Is there a way to make the server having these extensions? Or are there reasons standing against this?"

Christoph


Am 07.05.2020 um 15:53 schrieb Uli Wienands <[hidden email]>:

Try ssh -Y ...

Uli

On 5/7/20 2:43 AM, Christoph Kukulies wrote:
I found that

ssh -X user@remote_host 


doesn’t do X-forwarding, and that is - I’m told - because the X11 server (XQuartz 1.20.4 (xorg-server 1.20.4) doesn’t have security extensions.


$ xdpyinfo -queryExtensions

name of display:    /private/tmp/com.apple.launchd.NM3gWpA6AH/org.macports:0
version number:    11.0
vendor string:    The X.Org Foundation
vendor release number:    12004000
X.Org version: 1.20.4
maximum request size:  16777212 bytes
motion buffer size:  256
bitmap unit, bit order, padding:    32, LSBFirst, 32
image byte order:    LSBFirst
number of supported pixmap formats:    7
supported pixmap formats:
   depth 1, bits_per_pixel 1, scanline_pad 32
   depth 4, bits_per_pixel 8, scanline_pad 32
   depth 8, bits_per_pixel 8, scanline_pad 32
   depth 15, bits_per_pixel 16, scanline_pad 32
   depth 16, bits_per_pixel 16, scanline_pad 32
   depth 24, bits_per_pixel 32, scanline_pad 32
   depth 32, bits_per_pixel 32, scanline_pad 32
keycode range:    minimum 8, maximum 255
focus:  None
number of extensions:    21
   Apple-DRI  (opcode: 128, base event: 64, base error: 128)
   Apple-WM  (opcode: 129, base event: 68, base error: 130)
   BIG-REQUESTS  (opcode: 134)
   DAMAGE  (opcode: 142, base event: 97, base error: 154)
   DOUBLE-BUFFER  (opcode: 144, base error: 155)
   GLX  (opcode: 148, base event: 101, base error: 159)
   Generic Event Extension  (opcode: 130)
   MIT-SCREEN-SAVER  (opcode: 143, base event: 98)
   MIT-SHM  (opcode: 132, base event: 72, base error: 132)
   Present  (opcode: 145)
   RANDR  (opcode: 141, base event: 95, base error: 149)
   RENDER  (opcode: 140, base error: 144)
   SHAPE  (opcode: 131, base event: 71)
   SYNC  (opcode: 135, base event: 90, base error: 138)
   X-Resource  (opcode: 146)
   XC-MISC  (opcode: 137)
   XFIXES  (opcode: 139, base event: 93, base error: 142)
   XINERAMA  (opcode: 138)
   XInputExtension  (opcode: 133, base event: 73, base error: 133)
   XKEYBOARD  (opcode: 136, base event: 92, base error: 141)
   XVideo  (opcode: 147, base event: 99, base error: 156)
default screen number:    0
number of screens:    1

screen #0:
 dimensions:    1680x1028 pixels (445x272 millimeters)
 resolution:    96x96 dots per inch
 depths (7):    24, 1, 4, 8, 15, 16, 32
 root window id:    0x111
 depth of root window:    24 planes
 number of colormaps:    minimum 1, maximum 1
 default colormap:    0x21
 default number of colormap cells:    256
 preallocated pixels:    black 0, white 16777215
 options:    backing-store NO, save-unders NO
 largest cursor:    32x32
 current input event mask:    0x1a0000
   StructureNotifyMask      SubstructureNotifyMask   SubstructureRedirectMask 
 number of visuals:    80
 default visual id:  0x22
 visual:
   visual id:    0x22
   class:    TrueColor
   depth:    24 planes
   available colormap entries:    256 per subfield
   red, green, blue masks:    0xff0000, 0xff00, 0xff
   significant bits in color specification:    8 bits



Is there a way to make the server having these extensions? Or are there reasons standing against this?



Christoph



smime.p7s (2K) Download Attachment