Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 83409

Summary: XAUTHORITY weirdness
Product: [Retired] Red Hat Linux Reporter: Robert Tinsley <bobtinsley>
Component: pamAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED CURRENTRELEASE QA Contact: Jay Turner <jturner>
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0CC: mitr, srevivo
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-06-18 19:22:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Robert Tinsley 2003-02-04 01:47:03 UTC 
Description of problem:

PAM doesn't understand X authentication.


Version-Release number of selected component (if applicable):

0.75-40


How reproducible:

Every time.


Steps to Reproduce:

$ echo $DISPLAY
:0
$ echo $XAUTHORITY
/home/rjt/.Xauthority
$ xauth nlist
0100 <snip!> 5461
$ su -l
Password:
# echo $DISPLAY
:0
# echo $XAUTHORITY
/root/.xauthBhkWTM
# xauth nlist
0100 <snip! same as before> 5461
# xterm # works fine
# su -l notroot
$ echo $DISPLAY
:0
$ echo $XAUTHORITY
/root/.xauthBhkWTM
$ xauth nlist # hangs (for obvious reasons)
$ xterm
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
xterm Xt error: Can't open display: :0
$ su -l rjt
Password:
$ echo $DISPLAY
:0
$ echo $XAUTHORITY
/root/.xauthBhkWTM

 
Actual results:

see above


Expected results:

XAUTHORITY should always be either unset or $HOME/.Xauthority (the default)


Additional info:

there appears to be no reason to set root's XAUTHORITY to a temp-file, with the
(untested but strongly suspected) result that root can only easily access one
cookie at a time.

but for non-root users (non-system users?), XAUTHORITY is erroneously passed all
the way through to the target user, with the result that the target user tries
to use another account's .Xauthority file.

in fact, it seems to be almost an accident that the common case (su root, only
need access to one cooke) works at all...
Comment 1 Robert Tinsley 2003-05-03 00:26:06 UTC 
any update?
Comment 2 Nalin Dahyabhai 2004-06-18 19:22:44 UTC 
The XAUTHORITY environment variable isn't being changed by default
when you drop from root to an unprivileged user due to the change in
RHSA-2003:035 -- the display cookie isn't being forwarded, and the
environment variable remains untouched.

Whether it should be cleared, I couldn't say for certain, but placing
"notroot" in root's .xauth/export file will cause the cookie to be
manipulated, as it was before.  Marking as fixed in the current release.