"xauth generate" with large timeout triggers assertion
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
X.Org X server | Unknown | Unknown | |
xorg-server (Ubuntu) | Fix Released | High | Unassigned |
Lucid | Fix Released | High | Unassigned |
Bug Description
[Impact]
xauth is not commonly run by users, but applications should not be able to crash the X server. In a guest session, although this does not allow the guest to terminate other users' sessions, it leaves the system at a blank VT from which it is not obvious how to recover.
[Development]
The patch has also been applied to ubuntu-x git, and will be uploaded with 2:1.8.1.
[Patch]
The patch is taken from upstream's patchwork tracker: http://
[Test Case 1]
1. Update Lucid to the latest version. Reboot and log into Gnome
2. Open a gnome-terminal
3. Run “xauth generate $DISPLAY . timeout 99999999”
4. Xserver instantly crashes (and is restarted by display manager). It should not crash at this point.
[Test Case 2]
1. Update Lucid to the latest version. Reboot and log into Gnome
2. From the session menu select “Guest session”
3. In the new guest session, open a gnome-terminal
4. Run “xauth -i generate $DISPLAY . timeout 99999999”
5. Xserver instantly crashes, resulting in a black screen. After setting console to raw mode (Alt+SysRq+R) Ctrl+Alt+F7 (or possibly F8, F9, etc) will switch back to the original user's session.
[Regression Potential]
Low. The patch is small, just dropping the assert that causes the crash and ensuring the timeout values fit in the positive range of a CARD32 value.
There is a known problem with the patch, but it only arises when the epoch time is sufficiently far in the future, so we can ignore it for now.
"""
When epoch time is GetTimeInMillis() -
(CARD32)(MAXINT), ie Sun Jan 10 2038 11:09:28 GMT+0530 (IST), security
authorization will expire with timeout reset to Zero.
"""
[Original Report]
Running "xauth generate" with a large timeout value (e.g., "xauth generate :0.0 . trusted timeout 99999999") causes the X server to crash with an assertion failure. Immediately upon running the command, the X server crashes, and after a few seconds, the login screen appears.
I have attached a full backtrace. Xorg.0.log and dmesg don't contain any relevant data.
SecurityAuthori
#3 0x0039f648 in *__GI___assert_fail (assertion=
buf = 0x9f64128 "X: ../../Xext/
#4 0x0815f5bc in SecurityAuthori
#5 0x081313c2 in TimerSet (timer=0x9ff7018, flags=<value optimized out>, millis=3179338,
prev = <value optimized out>
now = 6
#6 0x0815f4f5 in SecurityStartAu
#7 0x0815fa01 in ProcSecurityGen
pAuth = 0x9ee0c70
err = <value optimized out>
authId = 372
rep = {type = 164 '\244', pad0 = 96 '`', sequenceNumber = 2079, length = 3221023496, authId = 0,
trustLevel = 0
group = 0
timeout = 99999999
values = <value optimized out>
protoname = 0xa002584 "MIT-MAGIC-
pAuthdata = <value optimized out>
eventMask = 0
lsb_release -rd:
Description: Ubuntu 9.10
Release: 9.10
apt-cache policy xserver-xorg-core:
xserver-xorg-core:
Installed: 2:1.6.4-2ubuntu4.1
Candidate: 2:1.6.4-2ubuntu4.1
Version table:
*** 2:1.6.4-2ubuntu4.1 0
500 http://
500 http://
100 /var/lib/
2:
500 http://
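The clamping described under [Regression Potential], as an added C example that is not the upstream patch or X server code: it splits a timeout in seconds into one millisecond interval plus a remainder, and compares a cap at the full unsigned 32-bit range with a cap at the positive signed range. The names `split_timeout` and `fires_immediately`, the remainder field, and the timer model (a deadline counts as expired when the signed 32-bit difference to the current time is not positive) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MILLI_PER_SECOND 1000u

/* One timer interval in milliseconds plus the seconds still to wait after it. */
struct timeout_split {
    uint32_t millis;
    uint32_t seconds_remaining;
};

/* Split a timeout in seconds so the interval never exceeds max_millis. */
static struct timeout_split split_timeout(uint32_t seconds, uint32_t max_millis)
{
    uint32_t max_secs = max_millis / MILLI_PER_SECOND;
    struct timeout_split s;

    if (seconds > max_secs) {           /* too long for one interval */
        s.millis = max_secs * MILLI_PER_SECOND;
        s.seconds_remaining = seconds - max_secs;
    } else {                            /* common case: fits in one interval */
        s.millis = seconds * MILLI_PER_SECOND;
        s.seconds_remaining = 0;
    }
    return s;
}

/* Assumed timer model: the deadline is "already expired" when the signed
 * 32-bit difference between it and the current time is <= 0. */
static int fires_immediately(uint32_t now, uint32_t millis)
{
    uint32_t expires = now + millis;    /* wraps modulo 2^32 */
    return (int32_t)(expires - now) <= 0;
}

int main(void)
{
    uint32_t timeout = 99999999u;       /* timeout value from the test cases */
    uint32_t now = 6u;                  /* constructed sample clock value */
    struct timeout_split wide = split_timeout(timeout, UINT32_MAX);
    struct timeout_split safe = split_timeout(timeout, INT32_MAX);

    printf("unsigned cap: %u ms, fires at once: %d\n",
           (unsigned)wide.millis, fires_immediately(now, wide.millis));
    printf("signed cap:   %u ms, fires at once: %d\n",
           (unsigned)safe.millis, fires_immediately(now, safe.millis));
    return 0;
}
```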
tags: | removed: needs-xorglog |
Changed in xorg-server (Ubuntu): | |
status: | Incomplete → Confirmed |
affects: | xorg-server (Ubuntu) → nvidia-graphics-drivers (Ubuntu) |
affects: | nvidia-graphics-drivers (Ubuntu) → xorg-server (Ubuntu) |
description: | updated |
affects: | xorg-server (Ubuntu) → nvidia-graphics-drivers (Ubuntu) |
affects: | nvidia-graphics-drivers (Ubuntu) → xorg-server (Ubuntu) |
Changed in xorg-server (Ubuntu): | |
importance: | Undecided → Medium |
status: | Confirmed → Triaged |
tags: | added: omit |
summary: |
- "xauth generate" with large timeout crashes X server + "xauth generate" with large timeout triggers assertion |
description: | updated |
tags: | removed: omit |
tags: | added: karmic |
tags: | added: hardy |
Changed in xorg-server (Ubuntu): | |
status: | Incomplete → Triaged |
description: | updated |
Changed in xorg-server (Ubuntu): | |
status: | Triaged → Fix Committed |
Changed in xorg-server (Ubuntu Lucid): | |
status: | Triaged → Fix Committed |
tags: |
added: verification-done removed: verification-needed |
Hi cbane,
Thanks for including the attached files. Could you also include your /var/log/Xorg.0.log (or Xorg.0.log.old) from after reproducing the issue?
Please attach the output of `lspci -vvnn` too.
[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]