Bug 349071 - Server-Interpreted xhost line added by xinit breaks some X11 clients
Summary: Server-Interpreted xhost line added by xinit breaks some X11 clients
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11-xinit   
(Show other bugs)
Version: 8
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Adam Jackson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-10-23 17:03 UTC by Need Real Name
Modified: 2018-04-11 07:12 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-11 22:49:04 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2007-10-23 17:03:52 UTC
Description of problem:

The script
/etc/X11/xinit/xinitrc.d/localuser.sh
causes xhost to have a server-interpreted line "SI:localuser:your-username". 
The presence of this line breaks some software, notably the "send" command of
Tk, which does a simple inspection of `xhost` for security reasons.

The logged-in user on the localhost has xauth authentication, so does this xhost
line serve any useful purpose?

Version-Release number of selected component (if applicable):

xorg-x11-xinit-1.0.7-2.fc8

How reproducible:

Always.

Steps to Reproduce:
1. Install Fedora 8 rc3 in graphical mode; accept defaults (runlevel 5,
graphical login)
2. Login using gdm
3. run xhost

  
Actual results (output):

access control enabled, only authorized clients can connect
SI:localuser:your-username

Expected results (output):

access control enabled, only authorized clients can connect

Additional info:

Comment 1 Matěj Cepl 2008-01-12 21:39:39 UTC
Looks like duplicate of bug 199809, but that was supposed to be fixed in Rawhide
sometimes in 2006.

Comment 2 Adam Jackson 2008-02-11 22:49:04 UTC
(In reply to comment #0)
> The script
> /etc/X11/xinit/xinitrc.d/localuser.sh
> causes xhost to have a server-interpreted line "SI:localuser:your-username". 
> The presence of this line breaks some software, notably the "send" command of
> Tk, which does a simple inspection of `xhost` for security reasons.
> 
> The logged-in user on the localhost has xauth authentication, so does this xhost
> line serve any useful purpose?

Yes, it does.  One, it allows you to connect to the server even if you've
disabled the Xauthority file (which we plan to do either in F9 or F10), which is
an improvement in security when, say, your ~ is on NFS.  Two, it makes
connectivity to the server resilient in the face of hostname changes, which are
common when in a DHCP environment.

So, send is broken.


Note You need to log in before you can comment on or make changes to this bug.