Bug 222543
Summary: | 'su -l' seems to be littering /root with .xauth* files | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tom London <selinux> |
Component: | pam | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | meyering |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-03-19 19:14:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tom London
2007-01-13 18:35:07 UTC
Is this coming from /lib/security/pam_xauth.so ? Uhhh this seems fixed now. pam-0.99.7.0-2.fc7 ? Yes it is. It was a bug in pam_keyinit.so module. This appears to have regressed, starting about 3 weeks ago. Could this be a problem with pam-0.99.7.1-3.fc7 ? [root@localhost ~]# ls -lat .xauth* -rw------- 1 root root 66 2007-03-08 06:16 .xauthPnmTmI -rw------- 1 root root 66 2007-03-06 14:09 .xauthgVJXtV -rw------- 1 root root 66 2007-03-03 16:56 .xauth0djkLb -rw------- 1 root root 66 2007-03-03 16:48 .xauth5Tr9fc -rw------- 1 root root 66 2007-03-03 10:42 .xauthOpqrlL -rw------- 1 root root 66 2007-03-02 15:20 .xauth6YIqeT -rw------- 1 root root 66 2007-03-01 15:42 .xauthgcebzg -rw------- 1 root root 66 2007-03-01 13:36 .xauthXlpiWJ -rw------- 1 root root 66 2007-02-27 09:00 .xauthWeNUpB -rw------- 1 root root 66 2007-02-25 14:33 .xauthlNgl6g -rw------- 1 root root 66 2007-02-25 10:33 .xauthjteXA4 -rw------- 1 root root 66 2007-02-24 11:50 .xauthq2rR5k -rw------- 1 root root 66 2007-02-23 08:47 .xauthDBPVPL -rw------- 1 root root 66 2007-02-22 06:24 .xauthe3bItB -rw------- 1 root root 66 2007-02-21 06:53 .xauthNVYo2x -rw------- 1 root root 66 2007-02-21 06:52 .xauthfFgfMk -rw------- 1 root root 66 2007-02-20 14:00 .xauthpNmM5W -rw------- 1 root root 66 2007-02-20 10:32 .xauthn9dNDT -rw------- 1 root root 66 2007-02-20 09:36 .xauthy3YTfa -rw------- 1 root root 66 2007-02-19 17:17 .xauthNR3gOm -rw------- 1 root root 66 2007-02-15 08:22 .xauth0nSCWj Strange, I cannot reproduce the problem with latest rawhide. Can you strace attach the su process before you log out of the 'su' session? Below is the strace, but your request may clarify..... I frequently reboot/shutdown without exiting from 'su -'. If these files are removed only at normal exit, they would tend to linger on.... That possible? Process 3698 attached - interrupt to quit waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WSTOPPED) = 3709 open("/etc/security/pam_env.conf", O_RDONLY|O_LARGEFILE) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=2980, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f3c000 read(4, "#\n# This is the configuration fi"..., 4096) = 2980 read(4, "", 4096) = 0 close(4) = 0 munmap(0xb7f3c000, 4096) = 0 open("/etc/environment", O_RDONLY|O_LARGEFILE) = 4 fstat64(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f3c000 read(4, "", 4096) = 0 close(4) = 0 munmap(0xb7f3c000, 4096) = 0 socket(PF_NETLINK, SOCK_RAW, 9) = 4 fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 readlink("/proc/self/exe", "/bin/su", 4095) = 7 sendto(4, "h\0\0\0P\4\5\0\5\0\0\0\0\0\0\0PAM: setcred acc"..., 104, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 104 poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 100) = 1 recvfrom(4, "$\0\0\0\2\0\0\0\5\0\0\0r\16\0\0\0\0\0\0h\0\0\0P\4\5\0\5"..., 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36 recvfrom(4, "$\0\0\0\2\0\0\0\5\0\0\0r\16\0\0\0\0\0\0h\0\0\0P\4\5\0\5"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36 close(4) = 0 geteuid32() = 0 getegid32() = 500 setregid32(-1, 0) = 0 keyctl(0x3, 0x6aae3bd, 0, 0, 0x1f4) = 0 setregid32(-1, 500) = 0 getuid32() = 500 open("/etc/passwd", O_RDONLY) = 4 fcntl64(4, F_GETFD) = 0 fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 fstat64(4, {st_mode=S_IFREG|0644, st_size=1899, ...}) = 0 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f3c000 read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1899 close(4) = 0 munmap(0xb7f3c000, 4096) = 0 getuid32() = 500 time(NULL) = 1174328410 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 send(3, "<86>Mar 19 11:20:10 su: pam_unix"..., 76, MSG_NOSIGNAL) = 76 unlink("/root/.xauthgOjo0T") = 0 socket(PF_NETLINK, SOCK_RAW, 9) = 4 fcntl64(4, F_SETFD, FD_CLOEXEC) = 0 readlink("/proc/self/exe", "/bin/su", 4095) = 7 sendto(4, "p\0\0\0R\4\5\0\6\0\0\0\0\0\0\0PAM: session clo"..., 112, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 112 poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 100) = 1 recvfrom(4, "$\0\0\0\2\0\0\0\6\0\0\0r\16\0\0\0\0\0\0p\0\0\0R\4\5\0\6"..., 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36 recvfrom(4, "$\0\0\0\2\0\0\0\6\0\0\0r\16\0\0\0\0\0\0p\0\0\0R\4\5\0\6"..., 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36 close(4) = 0 munmap(0x884000, 6124) = 0 munmap(0x7c9000, 13300) = 0 munmap(0xc3d000, 97476) = 0 munmap(0x4f74a000, 93012) = 0 munmap(0x4f76e000, 285024) = 0 munmap(0x4f7b6000, 96040) = 0 munmap(0xe75000, 5856) = 0 munmap(0x121000, 14700) = 0 munmap(0x617000, 30464) = 0 munmap(0x110000, 46240) = 0 munmap(0x41172000, 184636) = 0 munmap(0x2bd000, 4436) = 0 munmap(0xef0000, 14248) = 0 munmap(0x11c000, 15352) = 0 close(1) = 0 close(2) = 0 exit_group(0) = ? Process 3698 detached [root@localhost ~]# Yes, when not exited cleanly from su, these files will stay there - there is no process which could remove them. -> back to CLOSED-RAWHIDE as the original problem indeed is fixed. |