Every time I su to root after installing pam-0.75-19, a file with a random name matching the pattern /root/.xauth* is left on my machine. This needs to be cleaned up.
It should already be cleaned up when you exit the shell (or program) started by su. Is this not happening? If you "su" once, then "su" again on another VT or in another terminal window, can you see if a temporary file is being generated when the session is opened, and if it's removed when the session is closed? If you add "debug" to the end of the pam_xauth line in /etc/pam.d/su, configure syslog to log "debug" messages, and "su", then exit, does it log removal of the file?
OK, you're right, it does get removed when I exit from the su shell. I wish there was a way to do this other than creating a temporary file, though. If the su process is killed or crashes or something, it'll be left around as cruft forever.
Yes, that is a problem. The alternative (use .Xauthority and refcounting) was very complicated, and I think it was the source of the occasional "su segfaults on logout" bug. Another alternative (use temp files in /tmp) is no good because xauth uses lockfiles instead of "real" locking, so it can be screwed up easily, even by accident.