Bug 349071 - Server-Interpreted xhost line added by xinit breaks some X11 clients
Server-Interpreted xhost line added by xinit breaks some X11 clients
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: xorg-x11-xinit (Show other bugs)
8
All Linux
low Severity medium
: ---
: ---
Assigned To: Adam Jackson
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-10-23 13:03 EDT by Need Real Name
Modified: 2008-02-11 17:49 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-11 17:49:04 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2007-10-23 13:03:52 EDT
Description of problem:

The script
/etc/X11/xinit/xinitrc.d/localuser.sh
causes xhost to have a server-interpreted line "SI:localuser:your-username". 
The presence of this line breaks some software, notably the "send" command of
Tk, which does a simple inspection of `xhost` for security reasons.

The logged-in user on the localhost has xauth authentication, so does this xhost
line serve any useful purpose?

Version-Release number of selected component (if applicable):

xorg-x11-xinit-1.0.7-2.fc8

How reproducible:

Always.

Steps to Reproduce:
1. Install Fedora 8 rc3 in graphical mode; accept defaults (runlevel 5,
graphical login)
2. Login using gdm
3. run xhost

  
Actual results (output):

access control enabled, only authorized clients can connect
SI:localuser:your-username

Expected results (output):

access control enabled, only authorized clients can connect

Additional info:
Comment 1 Matěj Cepl 2008-01-12 16:39:39 EST
Looks like duplicate of bug 199809, but that was supposed to be fixed in Rawhide
sometimes in 2006.
Comment 2 Adam Jackson 2008-02-11 17:49:04 EST
(In reply to comment #0)
> The script
> /etc/X11/xinit/xinitrc.d/localuser.sh
> causes xhost to have a server-interpreted line "SI:localuser:your-username". 
> The presence of this line breaks some software, notably the "send" command of
> Tk, which does a simple inspection of `xhost` for security reasons.
> 
> The logged-in user on the localhost has xauth authentication, so does this xhost
> line serve any useful purpose?

Yes, it does.  One, it allows you to connect to the server even if you've
disabled the Xauthority file (which we plan to do either in F9 or F10), which is
an improvement in security when, say, your ~ is on NFS.  Two, it makes
connectivity to the server resilient in the face of hostname changes, which are
common when in a DHCP environment.

So, send is broken.

Note You need to log in before you can comment on or make changes to this bug.