Bug#488918: xserver-xephyr: Xephyr/Xnest broken authorization cookie generation (SECURITY extension)

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#488918: xserver-xephyr: Xephyr/Xnest broken authorization cookie generation (SECURITY extension)
From: Liraz Siri <liraz.siri@gmail.com>
Date: Wed, 02 Jul 2008 04:27:53 +0000
Message-id: <[🔎] 20080702042753.4583.59460.reportbug@oasis>
Reply-to: Liraz Siri <liraz.siri@gmail.com>, 488918@bugs.debian.org

Package: xserver-xephyr
Severity: important


For some reason the server does not allow cookies were generated by
xauth (regardless of whether the cookie is a trusted or untrusted type).

Reproducing the bug::

	# create auth
	rm -f /tmp/xauth
	xauth -f /tmp/xauth add :1 . $(mcookie)

	# run xephyr with auth
	Xephyr :1 -auth /tmp/xauth &

	# set Xephyr as X server
	DISPLAY=:1

	# test
	XAUTHORITY=/tmp/xauth xterm

	# now try to connect to the server with a "generated" X
	# authorization
	rm -f /tmp/xauth2

	# generate new authorization cookie into /tmp/xauth2
	XAUTHORITY=/tmp/xauth xauth -f /tmp/xauth2 generate $DISPLAY .

	# test X connection - it fails!
	XAUTHORITY=/tmp/xauth2 xterm

I tested the same sequence of commands with the regular X server and it
worked just fine.

Note that the problem seems to be shared by Xnest as well.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-16-386
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Reply to:

Prev by Date: Processing of xserver-xorg-video-vesa_2.0.0-1_i386.changes
Next by Date: xserver-xorg-video-vesa_2.0.0-1_i386.changes ACCEPTED
Previous by thread: Processing of xserver-xorg-video-vesa_2.0.0-1_i386.changes
Next by thread: xserver-xorg-video-vesa_2.0.0-1_i386.changes ACCEPTED
Index(es):
- Date
- Thread