Bug 222543

Is this coming from /lib/security/pam_xauth.so ?

Uhhh this seems fixed now.

pam-0.99.7.0-2.fc7 ?

Yes it is. It was a bug in pam_keyinit.so module.

This appears to have regressed, starting about 3 weeks ago.

Could this be a problem with pam-0.99.7.1-3.fc7 ?

[root@localhost ~]# ls -lat .xauth*
-rw------- 1 root root 66 2007-03-08 06:16 .xauthPnmTmI
-rw------- 1 root root 66 2007-03-06 14:09 .xauthgVJXtV
-rw------- 1 root root 66 2007-03-03 16:56 .xauth0djkLb
-rw------- 1 root root 66 2007-03-03 16:48 .xauth5Tr9fc
-rw------- 1 root root 66 2007-03-03 10:42 .xauthOpqrlL
-rw------- 1 root root 66 2007-03-02 15:20 .xauth6YIqeT
-rw------- 1 root root 66 2007-03-01 15:42 .xauthgcebzg
-rw------- 1 root root 66 2007-03-01 13:36 .xauthXlpiWJ
-rw------- 1 root root 66 2007-02-27 09:00 .xauthWeNUpB
-rw------- 1 root root 66 2007-02-25 14:33 .xauthlNgl6g
-rw------- 1 root root 66 2007-02-25 10:33 .xauthjteXA4
-rw------- 1 root root 66 2007-02-24 11:50 .xauthq2rR5k
-rw------- 1 root root 66 2007-02-23 08:47 .xauthDBPVPL
-rw------- 1 root root 66 2007-02-22 06:24 .xauthe3bItB
-rw------- 1 root root 66 2007-02-21 06:53 .xauthNVYo2x
-rw------- 1 root root 66 2007-02-21 06:52 .xauthfFgfMk
-rw------- 1 root root 66 2007-02-20 14:00 .xauthpNmM5W
-rw------- 1 root root 66 2007-02-20 10:32 .xauthn9dNDT
-rw------- 1 root root 66 2007-02-20 09:36 .xauthy3YTfa
-rw------- 1 root root 66 2007-02-19 17:17 .xauthNR3gOm
-rw------- 1 root root 66 2007-02-15 08:22 .xauth0nSCWj

Strange, I cannot reproduce the problem with latest rawhide. Can you strace
attach the su process before you log out of the 'su' session?

Below is the strace, but your request may clarify.....

I frequently reboot/shutdown without exiting from 'su -'. If these files are
removed only at normal exit, they would tend to linger on....

That possible?


Process 3698 attached - interrupt to quit
waitpid(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], WSTOPPED) = 3709
open("/etc/security/pam_env.conf", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=2980, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f3c000
read(4, "#\n# This is the configuration fi"..., 4096) = 2980
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0xb7f3c000, 4096)                = 0
open("/etc/environment", O_RDONLY|O_LARGEFILE) = 4
fstat64(4, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f3c000
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0xb7f3c000, 4096)                = 0
socket(PF_NETLINK, SOCK_RAW, 9)         = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
readlink("/proc/self/exe", "/bin/su", 4095) = 7
sendto(4, "h\0\0\0P\4\5\0\5\0\0\0\0\0\0\0PAM: setcred acc"..., 104, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 104
poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 100) = 1
recvfrom(4, "$\0\0\0\2\0\0\0\5\0\0\0r\16\0\0\0\0\0\0h\0\0\0P\4\5\0\5"..., 8988,
MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
recvfrom(4, "$\0\0\0\2\0\0\0\5\0\0\0r\16\0\0\0\0\0\0h\0\0\0P\4\5\0\5"..., 8988,
MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
close(4)                                = 0
geteuid32()                             = 0
getegid32()                             = 500
setregid32(-1, 0)                       = 0
keyctl(0x3, 0x6aae3bd, 0, 0, 0x1f4)     = 0
setregid32(-1, 500)                     = 0
getuid32()                              = 500
open("/etc/passwd", O_RDONLY)           = 4
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
fstat64(4, {st_mode=S_IFREG|0644, st_size=1899, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f3c000
read(4, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1899
close(4)                                = 0
munmap(0xb7f3c000, 4096)                = 0
getuid32()                              = 500
time(NULL)                              = 1174328410
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0
send(3, "<86>Mar 19 11:20:10 su: pam_unix"..., 76, MSG_NOSIGNAL) = 76
unlink("/root/.xauthgOjo0T")            = 0
socket(PF_NETLINK, SOCK_RAW, 9)         = 4
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
readlink("/proc/self/exe", "/bin/su", 4095) = 7
sendto(4, "p\0\0\0R\4\5\0\6\0\0\0\0\0\0\0PAM: session clo"..., 112, 0,
{sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 112
poll([{fd=4, events=POLLIN, revents=POLLIN}], 1, 100) = 1
recvfrom(4, "$\0\0\0\2\0\0\0\6\0\0\0r\16\0\0\0\0\0\0p\0\0\0R\4\5\0\6"..., 8988,
MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
recvfrom(4, "$\0\0\0\2\0\0\0\6\0\0\0r\16\0\0\0\0\0\0p\0\0\0R\4\5\0\6"..., 8988,
MSG_DONTWAIT, {sa_family=AF_NETLINK, pid=0, groups=00000000}, [12]) = 36
close(4)                                = 0
munmap(0x884000, 6124)                  = 0
munmap(0x7c9000, 13300)                 = 0
munmap(0xc3d000, 97476)                 = 0
munmap(0x4f74a000, 93012)               = 0
munmap(0x4f76e000, 285024)              = 0
munmap(0x4f7b6000, 96040)               = 0
munmap(0xe75000, 5856)                  = 0
munmap(0x121000, 14700)                 = 0
munmap(0x617000, 30464)                 = 0
munmap(0x110000, 46240)                 = 0
munmap(0x41172000, 184636)              = 0
munmap(0x2bd000, 4436)                  = 0
munmap(0xef0000, 14248)                 = 0
munmap(0x11c000, 15352)                 = 0
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?
Process 3698 detached
[root@localhost ~]# 

Yes, when not exited cleanly from su, these files will stay there - there is no
process which could remove them.
-> back to CLOSED-RAWHIDE as the original problem indeed is fixed.