Bug 83409 - XAUTHORITY weirdness
Summary: XAUTHORITY weirdness
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 8.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Jay Turner
Depends On:
TreeView+ depends on / blocked
Reported: 2003-02-04 01:47 UTC by Robert Tinsley
Modified: 2015-01-08 00:03 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2004-06-18 19:22:44 UTC

Attachments (Terms of Use)

Description Robert Tinsley 2003-02-04 01:47:03 UTC
Description of problem:

PAM doesn't understand X authentication.

Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:

$ echo $DISPLAY
$ xauth nlist
0100 <snip!> 5461
$ su -l
# echo $DISPLAY
# xauth nlist
0100 <snip! same as before> 5461
# xterm # works fine
# su -l notroot
$ echo $DISPLAY
$ xauth nlist # hangs (for obvious reasons)
$ xterm
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
xterm Xt error: Can't open display: :0
$ su -l rjt
$ echo $DISPLAY

Actual results:

see above

Expected results:

XAUTHORITY should always be either unset or $HOME/.Xauthority (the default)

Additional info:

there appears to be no reason to set root's XAUTHORITY to a temp-file, with the
(untested but strongly suspected) result that root can only easily access one
cookie at a time.

but for non-root users (non-system users?), XAUTHORITY is erroneously passed all
the way through to the target user, with the result that the target user tries
to use another account's .Xauthority file.

in fact, it seems to be almost an accident that the common case (su root, only
need access to one cooke) works at all...

Comment 1 Robert Tinsley 2003-05-03 00:26:06 UTC
any update?

Comment 2 Nalin Dahyabhai 2004-06-18 19:22:44 UTC
The XAUTHORITY environment variable isn't being changed by default
when you drop from root to an unprivileged user due to the change in
RHSA-2003:035 -- the display cookie isn't being forwarded, and the
environment variable remains untouched.

Whether it should be cleared, I couldn't say for certain, but placing
"notroot" in root's .xauth/export file will cause the cookie to be
manipulated, as it was before.  Marking as fixed in the current release.

Note You need to log in before you can comment on or make changes to this bug.