disable xauth for local users

Bug #276357 reported by Alexander Sack on 2008-09-30
30
This bug affects 2 people
Affects Status Importance Assigned to Milestone
xorg (Ubuntu)
High
Bryce Harrington
Intrepid
Medium
Unassigned
Karmic
High
Unassigned
Lucid
High
Bryce Harrington

Bug Description

[Impact]
In the Karmic release, this fix was dropped accidentally. This causes a regression for people who do new installations, which makes xauth required again even for local users. It does not affect upgraders since earlier versions of the package installed it and no versions actually remove it so the file would still be in place.

[Development Fix]
The fix has been committed to xorg git and will be made available when we next update xorg in Lucid.

[Release Fix]
The debdiff attached to this bug restores the file.

[Regression Potential]
Essentially none. This file had been present up until very shortly before karmic released with no ill effect. This change does nothing more than restore the file.

Binary package hint: xorg

recent NetworkManager upgrade reveals that X sessions cannot deal with a changed hostname. Further investigation showed that fedora and opensuse dont have this issue.

http://mail.gnome.org/archives/networkmanager-list/2008-September/msg00291.html

In order to prepare ubuntu intrepid for NM 0.7 we should consider to apply http://cvs.fedoraproject.org/viewvc/rpms/xorg-x11-xinit/devel/localuser.sh?revision=1.2&view=markup to your Xsessions.d

Related branches

Alexander Sack (asac) wrote :

milestoning for final as not fixing this will require us to strip down NetworkManager features and will leave NetworkManager svn builds completely unsupported (in that it breaks your X session).

Changed in xorg:
importance: Undecided → High
milestone: none → ubuntu-8.10
status: New → Triaged
Alexander Sack (asac) wrote :

to avoid confusion and unneeded discussion: the default NM install on ubuntu will honour /etc/hostname. This bug is just about those that opt-out and explicitly want to get the hostname updated.

Alexander Sack (asac) wrote :

AIUI, network-manager will not do these automatic hostname updates anymore.

Dropping milestone to reflect the reduced severity. Anyway, still something we should consider imo.

Changed in xorg:
importance: High → Medium
milestone: ubuntu-8.10 → none
Bryce Harrington (bryce) on 2008-10-16
Changed in xorg:
status: Triaged → Won't Fix

On Thu, Oct 16, 2008 at 06:24:24PM -0000, Bryce Harrington wrote:
> ** Changed in: xorg (Ubuntu Intrepid)
> Status: Triaged => Won't Fix
>

Bryce, wont fix because of lack of time or because of technical
reasons not to do what redhat and most likely suse do?

 - Alexander

Oliver Grawert (ogra) wrote :

well, a saner way would probably be to just add the "new" host to the xauthority file instead of dropping all security checking

Alexander Sack (asac) wrote :

On Mon, Oct 20, 2008 at 12:20:31AM -0000, Oliver Grawert wrote:
> well, a saner way would probably be to just add the "new" host to the
> xauthority file instead of dropping all security checking
>

Right, but if the security checkings have no use, then we should drop
them for localusers. If there is a use we should get a fix for this
upstream.

redhat appears to be convinced that there is no reason for this
security for local users. do we have reason to believe that thats
wrong?

 - Alexander

Bryce Harrington (bryce) wrote :

> Bryce, wont fix because of lack of time or because of technical
> reasons not to do what redhat and most likely suse do?

Primarily because you had already identified a workaround. I don't have a problem with it technically and am happy to include it, but we need to get the security team's buy-off on it. I'll sub Kees to it for review.

Kees Cook (kees) wrote :

I don't have any objection to this. It seems safe if it actually works as documented. :)
Note the caveat from the end of "man Xsecurity":

              If your system supports [localuser] and you use it, be warned
              that some programs that proxy connections and are setuid or set‐
              gid may get authenticated as the uid or gid of the proxy pro‐
              cess. For instance, some versions of ssh will be authenticated
              as the user root, no matter what user is running the ssh client,
              so on systems with such software, adding access for
              localuser:root may allow wider access than intended to the X
              display.

As such, it should probably be tested with things that are known to do funny uid things, like the PolicyKit password helpers, etc. As long as those still work when the hostname changes, this seems like a reasonable addition.

Oliver Grawert (ogra) wrote :

please note that ltsp (which we promote as a product) by default uses ssh -Y as connection method (with proxied X connection as described above) and offers an additional feature to do teh X traffic forwarding unencrypted (while keeping teh password handshake in a ssh tunnel) that is secured by xauth cookies. LDM (the ltsp display manager) uses functionallity to add and remove on the fly generated session cookies to the Xauthority file of the user for the latter case, i dont see why this shouldnt just work in case of a hostname change.

Alexander Sack (asac) wrote :

On Mon, Nov 10, 2008 at 10:06:05AM -0000, Oliver Grawert wrote:
> please note that ltsp (which we promote as a product) by default uses
> ssh -Y as connection method (with proxied X connection as described
> above) and offers an additional feature to do teh X traffic forwarding
> unencrypted (while keeping teh password handshake in a ssh tunnel) that
> is secured by xauth cookies. LDM (the ltsp display manager) uses
> functionallity to add and remove on the fly generated session cookies to
> the Xauthority file of the user for the latter case, i dont see why this
> shouldnt just work in case of a hostname change.
>

This is valid for complex setups but imo, we should not go for such
complicated solutions if there is a simple one for almost all cases -
and which is used by fedora.

Bryce, can you push this to jaunty please?

 - Alexander

Bryce Harrington (bryce) on 2009-02-11
Changed in xorg:
assignee: nobody → bryceharrington
importance: Medium → High
Alexander Sack (asac) wrote :

On Wed, Feb 11, 2009 at 11:52:35PM -0000, Bryce Harrington wrote:
> ** Changed in: xorg (Ubuntu)
> Importance: Medium => High
> Assignee: (unassigned) => Bryce Harrington (bryceharrington)
>

thanks for taking a look at this bryce. This would be helpful to have
i think.

 - Alexander

Bryce Harrington (bryce) wrote :

Btw, can you test if just running the localhost.sh script is sufficient to solve the issue? I'm wondering if the "-nolisten tcp" option also needs to be removed in order to make xhost work properly. Hopefully it isn't, but please confirm.

Bryce Harrington (bryce) wrote :

Here's what I've got queued to commit - would you mind reviewing this and making sure it includes everything needed? Thanks ahead of time.

Changed in xorg:
status: Triaged → In Progress
Kees Cook (kees) on 2009-03-09
Changed in xorg:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xorg - 1:7.4~5ubuntu14

---------------
xorg (1:7.4~5ubuntu14) jaunty; urgency=low

  * Add local/Xsession.d/60x11-localhost: Allow X connections from local
    unix domain sockets instead of forcing TCP since hostname validation
    is not necessary in this case.
    (LP: #276357)
  * apport/source_xorg.py: Detect presence of fglrx loaded in kernel

 -- Bryce Harrington <email address hidden> Tue, 10 Mar 2009 09:56:15 -0700

Changed in xorg:
status: Fix Committed → Fix Released

After upgrading to version 1:7.4~5ubuntu14, I cannot login anymore. ~/.xsession-errors says

/etc/gdm/Xsession: Beginning session setup...
/etc/X11/Xsession.d/60x11-localhost: 4: Syntax error: Bad fd number

JIm Purdy (jim-purdy-comcast) wrote :

I've got the same exact problem!

/etc/gdm/Xsession: Beginning session setup...
/etc/X11/Xsession.d/60x11-localhost: 4: Syntax error: Bad fd number

Error is fixed in version 1:7.4~5ubuntu15.

luvinit (markkeeling) wrote :

It seems I have a related problem with Jaunty Jackalope.
I am trying LTSP on Jaunty. The reason that I am trying Jaunty is because there were also other errors in Gnome that stopped the Hardy and Intrepid versions from allowing login, but those errors seem to have gone in the Jaunty verison, but I still can't login. Originally I couldn't login to the client, no errors were listed in the .xsession-errors file. Two days ago there were updates to the LTSP and other packages and LTSP worked for all of one day. Now I can no longer login, but the difference is that there is the following error listed:
Xsession: X session started for ltsp at Thu Mar 12 11:22:30 GMT 2009
*xhost: must be on local machine to add or remove hosts.*
Setting IM through im-switch for locale=en_GB.
Start IM through /etc/X11/xinit/xinput.d/all_ALL linked to /etc/X11/xinit/xinput.d/default.
I: caps.c: Limited capabilities successfully to CAP_SYS_NICE.
I: caps.c: Dropping root privileges.
I: caps.c: Limited capabilities successfully to CAP_SYS_NICE.
Failure: Module initalization failed

I have the 1:7.4~5ubuntu15 xorg package mentioned above installed on the system.

Bryce Harrington (bryce) wrote :

luvinit, that sounds like a separate issue; it won't get investigated on this bug report so if you'd like to have it looked at, report it as a new bug.

Oliver Grawert (ogra) wrote :

bryce, it was me who duplicated the original ltsp bug, there were no changes in ltsp and the problem showed exactly after your change in Xorg (note that we keep the X authentication for LTSP on the thin client (since thats where the X server runs in LTSP, with no write access to xauth data from the server)) if the xauth changes are done by an Xsession.d script you wont be able to write to the actual authentication file in use, probably the script needs special casing if LTSP_CLIENT is set (having this in the environment is the case on a ltsp clients) and just skip setting local cookies...

Bryce Harrington (bryce) on 2009-11-03
Changed in xorg (Ubuntu):
status: Fix Released → In Progress
Changed in xorg (Ubuntu Karmic):
status: New → In Progress
Changed in xorg (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in xorg (Ubuntu Karmic):
importance: Undecided → High
Bryce Harrington (bryce) wrote :

I'm reopening this bug because it regressed. Due to bug 340807 the file got renamed, but this didn't get into git apparently, and got dropped as a stray file. I probably didn't have enough coffee that day. The attached debdiff restores it.

Bryce Harrington (bryce) on 2009-11-03
description: updated
Bryce Harrington (bryce) wrote :

Here is the file in question, in case anyone needs it to work around the problem while this SRU goes through the process. Copy this to /etc/X11/Xsession.d/

Martin Pitt (pitti) wrote :

Bryce, please go ahead and upload. (Don't wait for acks before uploading; we can still reject the upload if it's wrong)

Bryce Harrington (bryce) wrote :

Okay, done

On Tue, Nov 03, 2009 at 11:44:56PM -0000, Martin Pitt wrote:
> Bryce, please go ahead and upload. (Don't wait for acks before
> uploading; we can still reject the upload if it's wrong)
>
> --
> disable xauth for local users
> https://bugs.launchpad.net/bugs/276357
> You received this bug notification because you are a bug assignee.
>
> Status in ???xorg??? package in Ubuntu: Fix Committed
> Status in xorg in Ubuntu Lucid: Fix Committed
> Status in xorg in Ubuntu Intrepid: Won't Fix
> Status in xorg in Ubuntu Karmic: In Progress
>
> Bug description:
> [Impact]
> In the Karmic release, this fix was dropped accidentally. This causes a regression for people who do new installations, which makes xauth required again even for local users. It does not affect upgraders since earlier versions of the package installed it and no versions actually remove it so the file would still be in place.
>
> [Development Fix]
> The fix has been committed to xorg git and will be made available when we next update xorg in Lucid.
>
> [Release Fix]
> The debdiff attached to this bug restores the file.
>
> [Regression Potential]
> Essentially none. This file had been present up until very shortly before karmic released with no ill effect. This change does nothing more than restore the file.
>
> Binary package hint: xorg
>
> recent NetworkManager upgrade reveals that X sessions cannot deal with a changed hostname. Further investigation showed that fedora and opensuse dont have this issue.
>
> http://mail.gnome.org/archives/networkmanager-list/2008-September/msg00291.html
>
> In order to prepare ubuntu intrepid for NM 0.7 we should consider to apply http://cvs.fedoraproject.org/viewvc/rpms/xorg-x11-xinit/devel/localuser.sh?revision=1.2&view=markup to your Xsessions.d
>

Timo Aaltonen (tjaalton) wrote :

lucid is now fixed.

Changed in xorg (Ubuntu Lucid):
status: Fix Committed → Fix Released
lunkwill (launchpad-lunkwill) wrote :

This affected me in karmic, but after a dist-upgrade it now works. Changing to "Fix released"

Changed in xorg (Ubuntu Karmic):
status: In Progress → Fix Released
slnkez (slnkez) on 2010-01-13
Changed in xorg (Ubuntu Karmic):
status: Fix Released → Confirmed
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers