Bug 65 - Missing /etc/X11/xdm/authdir - was 'ill initial xhost values'
Product: Red Hat Linux
Classification: Retired
Component: XFree86
All Linux
Priority: high, Severity: medium
Assigned To: David Lawrence
: Security
Depends On: 110863
Reported: 1998-11-14 00:47 EST by nils
Modified: 2008-05-01 11:37 EDT
Doc Type: Bug Fix
Last Closed: 1998-11-16 08:48:07 EST
Description nils 1998-11-14 00:47:23 EST
[Sorry to come with this again]

The now closed (DISCARDED) bug #8 happened on our systems
even within xdm. I dug a little bit and found out that
/etc/X11/xdm/authdir is missing. xdm tries to put its auth
files in /usr/X11R6/lib/X11/xdm/authdir which due to
symlinks resolves to /etc/X11/xdm/authdir. Someone should
include /etc/X11/xdm/authdir in the XFree86 package,
otherwise xdm will fall back to xhost authorization. Now we
have the -- still -- ill xhost values when starting without
xauth. The initial values should (at max) be 'LOCAL:' --
no 'thishost.domain.com' and 'localhost'. And the xhost
values (maybe except the LOCAL:) should be resettable by the
user, or am I talking nonsense here?

I think the lack of /etc/X11/xdm/authdir is due to us not
going through the 'official' redhat update procedure but
just installing the new rpms on the machines in our pool.
Maybe one should advise people to check for this directory
on their machines, because the lack of it causes IMO a
not negligible security breach. Don't forget to include
/etc/X11/xdm/authdir in the next release of XFree.

Best wishes,
Comment 1 Preston Brown 1998-11-16 08:48:59 EST
You are correct that /etc/X11/xdm/authdir is not owned by any
package.   However, further investigation shows that xdm actually
creates the authdir if it is not present when it is first run.
Therefore there is no need for it to be owned by the package.

When logging in with xdm, on a 5.2 system, this is the default value
that I get for xhost:

[pbrown@pip xdm]$ xhost
access control enabled, only authorized clients can connect

which is what I would expect.  Users other than myself cannot start X
programs.  For example, here is what happens if I try to start xclock
as root (instead of myself, pbrown):

[root@pip xdm]# xclock
Xlib: connection to ":0.0" refused by server
Xlib: Client is not authorized to connect to Server
Error: Can't open display: :0.0

If you get other values from xhost while you are using xdm, you have
changed something in your configuration from the default settings.
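
The two conditions discussed in this thread (whether the xdm authdir exists, and whether xhost lists anything beyond 'LOCAL:') can be checked with a short script. This is an added example, not part of either comment or of the XFree86 package; the function names and the sample xhost output are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_* values are constructed, not captured from a real system.

# check_authdir DIR: succeed only if DIR (symlinks followed) is an existing directory.
check_authdir() {
    if [ -d "$1" ]; then
        echo "OK: $1 exists"
        return 0
    fi
    echo "WARN: $1 is missing; check that xdm is not using xhost authorization"
    return 1
}

# audit_xhost: read `xhost` output on stdin and flag disabled access control
# or any entry other than LOCAL: (the strict baseline asked for in the report).
audit_xhost() {
    findings=0
    while IFS= read -r line; do
        case $line in
            "access control enabled"*) ;;
            "access control disabled"*)
                echo "FAIL: access control disabled"
                findings=$((findings + 1)) ;;
            "LOCAL:"|"") ;;
            *)
                echo "FAIL: host-based entry: $line"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

SAMPLE_GOOD='access control enabled, only authorized clients can connect'
SAMPLE_BAD='access control enabled, only authorized clients can connect
thishost.domain.com
localhost
LOCAL:'

# Demonstration on the constructed samples; on a live session use:
#   check_authdir /etc/X11/xdm/authdir; xhost | audit_xhost
printf '%s\n' "$SAMPLE_GOOD" | audit_xhost || true
printf '%s\n' "$SAMPLE_BAD" | audit_xhost || true
```
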
