
Bug#292388: XDM-AUTHORIZATION-1 trouble



Hi Brice, hi Joey,

(simultaneously replying to both bugs because the problem in
the underlying C libraries seems to be identical)

I can provide a short bug summary, maybe it's helpful.

For PF_UNIX connections with an XDM-AUTHORIZATION-1 key, the
client (libx11/libxcb) constructs its 24-byte auth message (which the
server expects to be unique) from the following dynamic parts:
* the time (second granularity)
* the caller's pid
* a nonce

This nonce is generated in libxcb-1.1:src/xcb_auth.c:next_nonce()
by decrementing a function-local persistent (static) counter
variable (the code did not change much compared to the non-xcb
fragment that Bernhard posted to #292388 in 2005):

] static int next_nonce(void)
] {
]     static int nonce = 0;
]     static pthread_mutex_t nonce_mutex = PTHREAD_MUTEX_INITIALIZER;
]     int ret;
]     pthread_mutex_lock(&nonce_mutex);
]     ret = nonce++;
]     pthread_mutex_unlock(&nonce_mutex);
]     return ret;
] }

Thus any unloading of the library will reset the nonce, and doing so
without changing the pid will trigger the bug. One possibility is
execve(), as Bernhard has demonstrated - SDL seems to employ the
other one (un- and reloading libxcb without exec()ing)... on my box,
enigma (among several other SDL games, e.g. kobodeluxe - but let's
stick to enigma for this example) reliably activates the bug:

] jcn@hejre:~$ /usr/games/enigma 
] XDM authorization key matches an existing client!Couldn't initialize SDL: Couldn't open X11 display
] jcn@hejre:~$ ldd /usr/games/enigma | grep lib[SXx]
]         libSDL-1.2.so.0 => /usr/lib/libSDL-1.2.so.0 (0xb7e64000)
]         libSDL_image-1.2.so.0 => /usr/lib/libSDL_image-1.2.so.0 (0xb7e49000)
]         libSDL_mixer-1.2.so.0 => /usr/lib/libSDL_mixer-1.2.so.0 (0xb7de6000)
]         libSDL_ttf-2.0.so.0 => /usr/lib/libSDL_ttf-2.0.so.0 (0xb7de1000)
]         libxerces-c.so.27 => /usr/lib/libxerces-c.so.27 (0xb79f5000)
] jcn@hejre:~$ strace -eopen,socket,connect /usr/games/enigma 
] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libz.so.1", O_RDONLY)    = 4
] open("/usr/lib/libzipios.so.0", O_RDONLY) = 4
] open("/usr/lib/libSDL-1.2.so.0", O_RDONLY) = 4
] open("/usr/lib/libSDL_image-1.2.so.0", O_RDONLY) = 4
] open("/usr/lib/libSDL_mixer-1.2.so.0", O_RDONLY) = 4
] open("/usr/lib/libSDL_ttf-2.0.so.0", O_RDONLY) = 4
] open("/usr/lib/libxerces-c.so.27", O_RDONLY) = 4
] open("/usr/lib/libpng12.so.0", O_RDONLY) = 4
] open("/lib/libdl.so.2", O_RDONLY)       = 4
] open("/usr/lib/libstdc++.so.6", O_RDONLY) = 4
] open("/lib/libm.so.6", O_RDONLY)        = 4
] open("/lib/libgcc_s.so.1", O_RDONLY)    = 4
] open("/lib/libc.so.6", O_RDONLY)        = 4
] open("/lib/libpthread.so.0", O_RDONLY)  = 4
] open("/usr/lib/libasound.so.2", O_RDONLY) = 4
] open("/usr/lib/libdirectfb-1.0.so.0", O_RDONLY) = 4
] open("/usr/lib/libfusion-1.0.so.0", O_RDONLY) = 4
] open("/usr/lib/libdirect-1.0.so.0", O_RDONLY) = 4
] open("/usr/lib/libvga.so.1", O_RDONLY)  = 4
] open("/usr/lib/libjpeg.so.62", O_RDONLY) = 4
] open("/usr/lib/libtiff.so.4", O_RDONLY) = 4
] open("/usr/lib/libmikmod.so.2", O_RDONLY) = 4
] open("/usr/lib/libfreetype.so.6", O_RDONLY) = 4
] open("/usr/lib/libicuuc.so.38", O_RDONLY) = 4
] open("/usr/lib/libicudata.so.38", O_RDONLY) = 4
] open("/usr/share/games/enigma/compat.lua", O_RDONLY) = 4
] open("/usr/share/games/enigma/startup.lua", O_RDONLY) = 4
] open("/usr/share/games/enigma/enigma_conf.lua", O_RDONLY) = 4
] open("/usr/share/games/enigma/enigma_conf.lua2", O_RDONLY) = -1 ENOENT (No such file or directory)
] open("/home/jcn/.enigmarc", O_RDONLY)   = 4
] open("/home/jcn/.enigmarc2", O_RDONLY)  = 4
] open("/home/jcn/.enigmarc.xml", O_RDONLY) = 4
] open("/usr/share/games/enigma/schemas/preferences.xsd", O_RDONLY) = 5
] open("/usr/share/games/enigma/schemas/enigmarc.xml", O_RDONLY) = 4
] open("/usr/share/games/enigma/schemas/preferences.xsd", O_RDONLY) = 5
] open("/usr/lib/locale/locale-archive", O_RDONLY|O_LARGEFILE) = 4

enigma opens an X connection for the first time, pulling the Xlibs in...

] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libX11.so.6", O_RDONLY)  = 4
] open("/usr/lib/libxcb-xlib.so.0", O_RDONLY) = 4
] open("/usr/lib/libxcb.so.1", O_RDONLY)  = 4
] open("/usr/lib/libXau.so.6", O_RDONLY)  = 4
] open("/usr/lib/libXdmcp.so.6", O_RDONLY) = 4
] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libXext.so.6", O_RDONLY) = 4
] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libXrender.so.1", O_RDONLY) = 4
] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libXrandr.so.2", O_RDONLY) = 4
] open("/usr/share/locale/locale.alias", O_RDONLY) = 4
] open("/usr/share/locale/en_IE@euro/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
] open("/usr/share/locale/en@euro/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
] open("/usr/share/locale/en_IE/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
] open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
] socket(PF_FILE, SOCK_STREAM, 0)         = 4
] connect(4, {sa_family=AF_FILE, path="/tmp/.X11-unix/X0"}, 110) = 0
] open("/home/jcn/.Xauthority", O_RDONLY) = 5

And immediately after that, all X libraries are loaded again...

] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libX11.so.6", O_RDONLY)  = 4
] open("/usr/lib/libxcb-xlib.so.0", O_RDONLY) = 4
] open("/usr/lib/libxcb.so.1", O_RDONLY)  = 4
] open("/usr/lib/libXau.so.6", O_RDONLY)  = 4
] open("/usr/lib/libXdmcp.so.6", O_RDONLY) = 4
] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libXext.so.6", O_RDONLY) = 4
] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libXrender.so.1", O_RDONLY) = 4
] open("/etc/ld.so.cache", O_RDONLY)      = 4
] open("/usr/lib/libXrandr.so.2", O_RDONLY) = 4
] socket(PF_FILE, SOCK_STREAM, 0)         = 4
] connect(4, {sa_family=AF_FILE, path="/tmp/.X11-unix/X0"}, 110) = 0
] open("/home/jcn/.Xauthority", O_RDONLY) = 5
] XDM authorization key matches an existing client!Couldn't initialize SDL: Couldn't open X11 display
] Process 28648 detached

I assume that python-pygame is doing something similar. I'm neither
a Python nor an SDL expert, so I'm afraid I can't help any further.

Brice, has there been any upstream comment on this? I've known about
that bug for ages, but could never find much information about it, so
I assumed my box to be a corner case.


Regards,

Jan
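
Added example, not part of the message above and not libxcb or X server code: a small C model of why resetting the static counter under an unchanged pid yields a tuple the server has already seen. The struct layout, the helper names (reload_library, client_auth, server_accept, second_connection_ok) and the time and pid values are assumptions made for illustration; the real 24-byte message and its encryption are not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only (assumption): the three dynamic parts named in the message,
   not the real 24-byte wire layout and without the encryption step. */
struct auth_tuple { uint32_t time_s, pid, nonce; };

/* Stands in for the static counter inside the library. */
static uint32_t lib_nonce;
static void reload_library(void) { lib_nonce = 0; } /* fresh mapping, fresh statics */

static struct auth_tuple client_auth(uint32_t now, uint32_t pid)
{
    return (struct auth_tuple){ now, pid, lib_nonce++ };
}

/* Server side: remember every tuple seen and refuse an exact repeat. */
#define SEEN_MAX 16
static struct auth_tuple seen[SEEN_MAX];
static size_t seen_len;

static int server_accept(struct auth_tuple t)
{
    for (size_t i = 0; i < seen_len; i++)
        if (seen[i].time_s == t.time_s && seen[i].pid == t.pid &&
            seen[i].nonce == t.nonce)
            return 0;                 /* "matches an existing client" */
    if (seen_len == SEEN_MAX) return 0; /* table full: fail closed */
    seen[seen_len++] = t;
    return 1;
}

/* One process opens two connections; returns 1 if the second is accepted. */
static int second_connection_ok(int reload_between, uint32_t seconds_apart)
{
    const uint32_t t0 = 1200000000u, pid = 1234u; /* constructed values */
    seen_len = 0; lib_nonce = 0;                  /* fresh server, fresh process */
    server_accept(client_auth(t0, pid));
    if (reload_between)
        reload_library();
    return server_accept(client_auth(t0 + seconds_apart, pid));
}

int main(void)
{
    for (int r = 0; r < 2; r++)
        for (uint32_t dt = 0; dt < 2; dt++)
            printf("reload=%d dt=%u accepted=%d\n", r, (unsigned)dt,
                   second_connection_ok(r, dt));
    return 0;
}
```

Only the combination of a reload and the same second is rejected; in this model a one-second gap between the two connections is enough for the second to be accepted.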
