Bug 110369 - gtk_init_check () doesn't handle xauth failures
gtk_init_check () doesn't handle xauth failures
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: gtk2 (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Matthias Clasen
Depends On:
  Show dependency treegraph
Reported: 2003-11-18 16:48 EST by Matthew Galgoci
Modified: 2007-11-30 17:06 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-19 15:32:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Matthew Galgoci 2003-11-18 16:48:52 EST
Description of problem:

sudo does not use pam_xauth in its pam config file so that when
ssh'd in remotely to a server and you type sudo su -  and try
and run an x client (such as up2date) you get something like this:

[root@pedro root]# up2date -l
X11 connection rejected because of wrong authentication.
[root@pedro root]# echo $DISPLAY


[mgalgoci@razor mgalgoci]$ ssh pedro.ges.redhat.com
mgalgoci@pedro's password:
[mgalgoci@pedro mgalgoci]$ sudo su -
[root@pedro root]# xeyes
X11 connection rejected because of wrong authentication.
X connection to localhost:11.0 broken (explicit kill or server shutdown).
[root@pedro root]# echo $DISPLAY

Not that I really wanted to use the gui up2date client in the first
place, it is nevertheless a bug in sudo's configuration.

Steps to Reproduce:
1. ssh to a machine as a user
2. sudo su -  to root
3. try to run an X application.
Actual results:

X authentication is rejected.

Expected results:

My xauth credential should be forwarded by pam_xauth to my root
session and my X client should authenticate run.
Comment 1 Thomas Woerner 2004-03-18 10:15:12 EST
It is not a good idea to give access to the X11 session per se.
If the user has restricted access to not-X11 programs, he can get
access to the full X11 session with this.

Closing as won't fix.
Comment 2 Matthew Galgoci 2004-05-17 15:45:54 EDT
Usermod is apparently at fault here because /usr/bin/up2date is a
symlink to consolehelper.

Alternatively, consolehelper should not fail critically if it barfs on
xauth, and instead should fall back to console mode.
Comment 3 Matthew Galgoci 2004-05-17 15:46:48 EDT
This should probably be re-assigned to nalin :)
Comment 4 Miloslav Trmač 2007-03-07 12:09:40 EST
When an X11 session is rejected as described in comment 0, gtk_init_check ()
or something it uses calls exit (1) instead of returning FALSE.
Comment 5 RHEL Product and Program Management 2007-10-19 15:32:58 EDT
This bug is filed against RHEL 3, which is in maintenance phase.
During the maintenance phase, only security errata and select mission
critical bug fixes will be released for enterprise products. Since
this bug does not meet that criteria, it is now being closed.
For more information of the RHEL errata support policy, please visit:
If you feel this bug is indeed mission critical, please contact your
support representative. You may be asked to provide detailed
information on how this bug is affecting you.

Note You need to log in before you can comment on or make changes to this bug.