Bug 83409 - XAUTHORITY weirdness
XAUTHORITY weirdness
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Jay Turner
Depends On:
  Show dependency treegraph
Reported: 2003-02-03 20:47 EST by Robert Tinsley
Modified: 2015-01-07 19:03 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-06-18 15:22:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Robert Tinsley 2003-02-03 20:47:03 EST
Description of problem:

PAM doesn't understand X authentication.

Version-Release number of selected component (if applicable):


How reproducible:

Every time.

Steps to Reproduce:

$ echo $DISPLAY
$ xauth nlist
0100 <snip!> 5461
$ su -l
# echo $DISPLAY
# xauth nlist
0100 <snip! same as before> 5461
# xterm # works fine
# su -l notroot
$ echo $DISPLAY
$ xauth nlist # hangs (for obvious reasons)
$ xterm
Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified
xterm Xt error: Can't open display: :0
$ su -l rjt
$ echo $DISPLAY

Actual results:

see above

Expected results:

XAUTHORITY should always be either unset or $HOME/.Xauthority (the default)

Additional info:

there appears to be no reason to set root's XAUTHORITY to a temp-file, with the
(untested but strongly suspected) result that root can only easily access one
cookie at a time.

but for non-root users (non-system users?), XAUTHORITY is erroneously passed all
the way through to the target user, with the result that the target user tries
to use another account's .Xauthority file.

in fact, it seems to be almost an accident that the common case (su root, only
need access to one cooke) works at all...
Comment 1 Robert Tinsley 2003-05-02 20:26:06 EDT
any update?
Comment 2 Nalin Dahyabhai 2004-06-18 15:22:44 EDT
The XAUTHORITY environment variable isn't being changed by default
when you drop from root to an unprivileged user due to the change in
RHSA-2003:035 -- the display cookie isn't being forwarded, and the
environment variable remains untouched.

Whether it should be cleared, I couldn't say for certain, but placing
"notroot" in root's .xauth/export file will cause the cookie to be
manipulated, as it was before.  Marking as fixed in the current release.

Note You need to log in before you can comment on or make changes to this bug.