Re: [gdm-list] strange XAUTHORITY setting



Hi,

On Thu, Dec 16, 2010 at 3:38 AM, jody <jody xha gmail com> wrote:
> I am using GNOME 2.20.3 on a fc8 machine.
That's quite old at this point. You may want to think about upgrading.
Fedora 8 hasn't gotten security updates in a long time.

> I recently noticed that instead of the default xauth file /home/jody/.Xauthority
> the environment variable was set to /tmp/.gdmRI0JNV
> (because of the name I assume this is something created by gdm)
yea.

Using ~/.Xauthority caused a lot of problems so at some point in the
distant past we switched to putting auth cookies elsewhere.

> the xauth file created by gdm is:
>
> myhost.uzh.ch/unix:0  MIT-MAGIC-COOKIE-1  442fa938015fb6795c16e499cbe0097e
> localhost.localdomain/unix:0  MIT-MAGIC-COOKIE-1  442fa938015fb6795c16e499cbe0097e
> myhost.uzh.ch:0  MIT-MAGIC-COOKIE-1  442fa938015fb6795c16e499cbe0097e
> myhost.uzh.ch:0  MIT-MAGIC-COOKIE-1  442fa938015fb6795c16e499cbe0097e
> myhost.uzh.ch:0  MIT-MAGIC-COOKIE-1  442fa938015fb6795c16e499cbe0097e
> localhost.localdomain:0  MIT-MAGIC-COOKIE-1  442fa938015fb6795c16e499cbe0097e
It's weird that there are duplicate entries, but there shouldn't be
anything wrong with the above file.

> whereas the original one is simply:
> myhost.uzh.ch/unix:10  MIT-MAGIC-COOKIE-1  2d7c230373fe5f2615f37027edf4d7c7

So this is for ssh probably (note the display number is :10).

> Is there a reason why this file is created and used?
The file is used to grant local X clients access to the X server when
you log in.

> I ran into problems with the gdm-created Xauthority file
> because with this file in use I can't use the DISPLAY variable
> 'myhost.uzh.ch:0.0'
>
> Because I need a 'globally' valid DISPLAY variable to use
> in a distributed application, I can't use ':0.0' .
Be careful here. Having your DISPLAY open without ssh tunnels leaves
you at risk of being snooped if your network is open.

> So as a workaround I just unset the $XAUTHORITY variable.
> Is this safe?
If you unset $XAUTHORITY then it will fall back to using the cookies
in ~/.Xauthority.

Your ~/.Xauthority file only had an entry for display :10 not :0 in
it, so it wouldn't be good enough on its own.

I think in Fedora 8 (although it was a long time ago) we also set up
xhost "localuser" access.  This means if you were on the local machine
and the right username then you would have access without xauth
cookies.  That's probably why it works for you locally.  Not sure why
it would work for you remotely unless you add a cookie to
~/.Xauthority yourself.

> Is there a way I can prevent the setting of the $XAUTHORITY variable
> to the 'bad' value?
In that version of gdm, the location of the auth file is specified by
the UserAuthDir environment variable in the gdm config file.

--Ray
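
An added example, not part of the original message or of gdm's code: a small Python parser for the binary Xauthority file format that reports which display numbers a cookie file covers and which entries are duplicated, the two things compared in the thread above. The host name, address and cookie bytes are constructed sample data, and only the cookie length is kept because the cookie itself is a secret.

```python
import struct

FAMILIES = {0: "inet", 6: "inet6", 256: "local", 65535: "wild"}  # from Xauth.h

def _field(buf, pos):
    """Read one field: 2-byte big-endian length, then that many bytes."""
    if pos + 2 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def parse_xauthority(buf):
    """Return (family, address, display, auth_name, cookie_len) tuples."""
    entries, pos = [], 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError("truncated family")
        (fam,) = struct.unpack_from(">H", buf, pos)
        addr, pos = _field(buf, pos + 2)
        num, pos = _field(buf, pos)
        name, pos = _field(buf, pos)
        data, pos = _field(buf, pos)
        inet4 = fam == 0 and len(addr) == 4
        host = ".".join(map(str, addr)) if inet4 else addr.decode("latin-1")
        entries.append((FAMILIES.get(fam, str(fam)), host,
                        num.decode(), name.decode(), len(data)))
    return entries

def displays_covered(entries):
    """Display numbers that have at least one MIT-MAGIC-COOKIE-1 entry."""
    return {e[2] for e in entries if e[3] == "MIT-MAGIC-COOKIE-1"}

def duplicates(entries):
    """Entries listed more than once, like the repeated lines in the gdm file."""
    return sorted({e for e in entries if entries.count(e) > 1})

def _entry(fam, addr, num, cookie):  # builds constructed sample records
    out = struct.pack(">H", fam)
    for f in (addr, num, b"MIT-MAGIC-COOKIE-1", cookie):
        out += struct.pack(">H", len(f)) + f
    return out

# Constructed samples shaped like the two files quoted above (made-up values).
GDM_FILE = (_entry(256, b"myhost.example", b"0", b"\x11" * 16) +
            _entry(0, b"\xc0\x00\x02\x01", b"0", b"\x11" * 16) * 2)
HOME_FILE = _entry(256, b"myhost.example", b"10", b"\x22" * 16)
```

To check a real file, pass the bytes of the file named by `$XAUTHORITY` (or `~/.Xauthority` when it is unset) to `parse_xauthority`.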

