github-starred/barrier
2
0
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2026-05-15 14:16:02 -06:00
Code Issues 1.0k Projects Packages Wiki Activity Actions

[GH-ISSUE #239] Detect if being run on an SSH X-forwarded display and refuse to start if so #195

New issue
Open
opened 2026-05-05 05:39:11 -06:00 by gitea-mirror · 9 comments
gitea-mirror commented 2026-05-05 05:39:11 -06:00
Owner
Copy link

Originally created by @brianjmurrell on GitHub (Jan 24, 2019).
Original GitHub issue: https://github.com/debauchee/barrier/issues/239

barrier[cs] should detect if it's being run on an X11 forwarded display and not start, or at least give the user a big warning, if it's found.

How could this be determined? Heuristically is one way. Is DISPLAY # >= 10? Is resolution of server and client the same? Are other SSH environment variables set?

Or one could look for a more unique property of an X display and see if they are == on both client and server. One could set an X property on the server and see if it's set on the client.

There are probably other ways.

Originally created by @brianjmurrell on GitHub (Jan 24, 2019). Original GitHub issue: https://github.com/debauchee/barrier/issues/239 `barrier[cs]` should detect if it's being run on an X11 forwarded display and not start, or at least give the user a big warning, if it's found. How could this be determined? Heuristically is one way. Is DISPLAY # >= 10? Is resolution of server and client the same? Are other SSH environment variables set? Or one could look for a more unique property of an X display and see if they are == on both client and server. One could set an X property on the server and see if it's set on the client. There are probably other ways.
gitea-mirror added the
enhancement
 label 2026-05-05 05:39:11 -06:00
gitea-mirror commented 2026-05-05 05:39:16 -06:00
Author
Owner
Copy link

@jwestfall69 commented on GitHub (Jan 25, 2019):

I think just checking if the DISPLAY variable contains a non-empty hostname should be enough to tell you if its remote. Talking to the local X would have an empty hostname which causes clients to use to /tmp/.X11-unix/X0 unix domain socket.

<!-- gh-comment-id:457415444 --> @jwestfall69 commented on GitHub (Jan 25, 2019): I think just checking if the DISPLAY variable contains a non-empty hostname should be enough to tell you if its remote. Talking to the local X would have an empty hostname which causes clients to use to /tmp/.X11-unix/X0 unix domain socket.
gitea-mirror commented 2026-05-05 05:39:20 -06:00
Author
Owner
Copy link

@brianjmurrell commented on GitHub (Jan 25, 2019):

I don't think that is foolproof. localhost:0.0 is a perfectly valid DISPLAY value for a local X server.

But maybe the percentage of cases where that's used times the percentage of cases where somebody runs Barrier on such a remote display is so infinitesimally small that it's not worth worrying about.

<!-- gh-comment-id:457468543 --> @brianjmurrell commented on GitHub (Jan 25, 2019): I don't think that is foolproof. `localhost:0.0` is a perfectly valid `DISPLAY` value for a local X server. But maybe the percentage of cases where that's used times the percentage of cases where somebody runs Barrier on such a remote display is so infinitesimally small that it's not worth worrying about.
gitea-mirror commented 2026-05-05 05:39:23 -06:00
Author
Owner
Copy link

@p12tic commented on GitHub (Jan 25, 2019):

I think it's important to correctly handle all cases. Having said that, the impact of a missed case won't be large if we give only a warning and not refuse to start outright.

<!-- gh-comment-id:457491961 --> @p12tic commented on GitHub (Jan 25, 2019): I think it's important to correctly handle all cases. Having said that, the impact of a missed case won't be large if we give only a warning and not refuse to start outright.
gitea-mirror commented 2026-05-05 05:39:26 -06:00
Author
Owner
Copy link

@jwestfall69 commented on GitHub (Jan 25, 2019):

I don't think that is foolproof. localhost:0.0 is a perfectly valid DISPLAY value for a local X server.

Curious if you actually tried this? Putting the hostname will cause the client to attempt to connect to the X server via tcp instead of the unix domain socket. Most (all?) distros don't have their X listening on tcp.

[jwestfall@jwestfall:~]$ export DISPLAY=localhost:0.0
[jwestfall@jwestfall:~]$ xterm
xterm: Xt error: Can't open display: localhost:0.0

I also think the most that should be done is to log a warning.

<!-- gh-comment-id:457630084 --> @jwestfall69 commented on GitHub (Jan 25, 2019): > I don't think that is foolproof. `localhost:0.0` is a perfectly valid `DISPLAY` value for a local X server. Curious if you actually tried this? Putting the hostname will cause the client to attempt to connect to the X server via tcp instead of the unix domain socket. Most (all?) distros don't have their X listening on tcp. ``` [jwestfall@jwestfall:~]$ export DISPLAY=localhost:0.0 [jwestfall@jwestfall:~]$ xterm xterm: Xt error: Can't open display: localhost:0.0 ``` I also think the most that should be done is to log a warning.
gitea-mirror commented 2026-05-05 05:39:28 -06:00
Author
Owner
Copy link

@brianjmurrell commented on GitHub (Jan 25, 2019):

Yes, understood that most distros don't have X11 listening on TCP but that doesn't mean a user could not change that if they had a need. Before SSH and X11-forwarding (yes, I am that old), listening on TCP was the only way to get remote X11 clients on to your display.

There may be current-day use cases still that we are just not aware of.

But I agree that the odds are getting pretty low -- maybe too low to be worth supporting.

But it's still a good idea to recognise all of the use-cases and variables from the outset and then decide which valid and which are not.

<!-- gh-comment-id:457637409 --> @brianjmurrell commented on GitHub (Jan 25, 2019): Yes, understood that most distros don't have X11 listening on TCP but that doesn't mean a user could not change that if they had a need. Before SSH and X11-forwarding (yes, I am that old), listening on TCP was the only way to get remote X11 clients on to your display. There may be current-day use cases still that we are just not aware of. But I agree that the odds are getting pretty low -- maybe too low to be worth supporting. But it's still a good idea to recognise all of the use-cases and variables from the outset and then decide which valid and which are not.
gitea-mirror commented 2026-05-05 05:39:30 -06:00
Author
Owner
Copy link

@ts-toh commented on GitHub (Jan 31, 2019):

I hope that there will be a way to override this feature if a user truly wants to. There are valid but intuitive use cases. For example, for awhile, I made a second monitor out of an old tablet running a vnc client over tcp/ip over usb to a new x11 instance on my desktop, and used synergy to control it. What if instead of using vnc, I wanted to tunnel an x11 session? It is frankly easier to do x11 over an ssh tunnel than a bare x11 session these days.

<!-- gh-comment-id:459382712 --> @ts-toh commented on GitHub (Jan 31, 2019): I hope that there will be a way to override this feature if a user truly wants to. There are valid but intuitive use cases. For example, for awhile, I made a second monitor out of an old tablet running a vnc client over tcp/ip over usb to a new x11 instance on my desktop, and used synergy to control it. What if instead of using vnc, I wanted to tunnel an x11 session? It is frankly easier to do x11 over an ssh tunnel than a bare x11 session these days.
gitea-mirror commented 2026-05-05 05:39:32 -06:00
Author
Owner
Copy link

@p12tic commented on GitHub (Jan 31, 2019):

@brianjmurrell What was your original pain that resulted in opening this issue?

<!-- gh-comment-id:459420502 --> @p12tic commented on GitHub (Jan 31, 2019): @brianjmurrell What was your original pain that resulted in opening this issue?
gitea-mirror commented 2026-05-05 05:39:33 -06:00
Author
Owner
Copy link

@brianjmurrell commented on GitHub (Jan 31, 2019):

@p12tic sshing from the Barrier server machine to the client machine and then just running barrierc without first fixing DISPLAY to point at the remote machine's Xserver instead of the Barrier server's Xserver forwarded over the SSH connection.

<!-- gh-comment-id:459450391 --> @brianjmurrell commented on GitHub (Jan 31, 2019): @p12tic `ssh`ing from the Barrier server machine to the client machine and then just running `barrierc` without first fixing `DISPLAY` to point at the remote machine's Xserver instead of the Barrier server's Xserver forwarded over the SSH connection.
gitea-mirror commented 2026-05-05 05:39:34 -06:00
Author
Owner
Copy link

@p12tic commented on GitHub (Jan 31, 2019):

Indeed a warning would be really useful in such case.

<!-- gh-comment-id:459450893 --> @p12tic commented on GitHub (Jan 31, 2019): Indeed a warning would be really useful in such case.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
enhancement/builds/windows-multi-versions-build
martin-furter-barrier-term
enhancement/builds/macos-universal
enhancement/builds/macos-universal-qt6-test
2.3.x
fix/lang-translation/ssl-slash-tls
feature/build/compile/32-bit
feature/build/compile/armv7
testing-framework
README-update
remotes/fork/README-update
remotes/fork/smartzeroconf
smartzeroconf
pages-devel
remotes/fork/pages-devel
pkgconfig
remotes/fork/pkgconfig
release
remotes/fork/release
v2.4.0
v2.3.4
v2.3.3
1.11.0-stable
v1.11.0-rc2
v2.3.2
v1.10.3-stable
v2.3.2-alpha
v2.3.1
v2.3.0
v1.10.2-stable
v1.10.2-rc1
v1.10.2-rc2
v2.1.2
v2.0.8-beta
v2.0.7-beta
v2.0.4-beta
v2.0.3-beta
v2.1.1
v2.1.0
v1.9.1-stable
v2.0.0
v1.9.0-stable
v2.0.0-RC2
v2.0.0-RC1
v2.0.0-stable
v1.8.8-stable
v1.8.7-stable
v1.8.6-stable
v1.8.5-stable
v1.8.4-stable
v1.8.3-stable
v1.8.1-stable
v1.8.0-beta
v1.7.3-stable
v1.7.2-stable
v1.7.1-stable
1.7.0
1.6.3-final
1.6.2
1.6.1
1.6.0
Labels
Clear labels   
HiDPI

   
bounty

   
bsd/freebsd

   
bsd/openbsd

   
bug

   
bug

   
build-infra

   
cantfix

   
critical

   
doc

   
duplicate

   
enhancement

   
fix-available

   
from git

   
from release

   
good first issue

   
help wanted

   
installer/package

   
invalid

   
linux

   
macOS

   
meta

   
needs testing

   
pull-request

Mirrored from GitHub Pull Request

  
query

   
question

   
regression

   
regression

   
v2.4.0

   
windows

   
wontfix

   
work-in-progress
No labels
HiDPI
bounty
bsd/freebsd
bsd/openbsd
bug
bug
build-infra
cantfix
critical
doc
duplicate
enhancement
fix-available
from git
from release
good first issue
help wanted
installer/package
invalid
linux
macOS
meta
needs testing
pull-request
query
question
regression
regression
v2.4.0
windows
wontfix
work-in-progress
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/barrier#195
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?