Bug#488918: xserver-xephyr: Xephyr/Xnest broken authorization cookie generation (SECURITY extension)
Package: xserver-xephyr
Severity: important
For some reason the server does not allow cookies were generated by
xauth (regardless of whether the cookie is a trusted or untrusted type).
Reproducing the bug::
# create auth
rm -f /tmp/xauth
xauth -f /tmp/xauth add :1 . $(mcookie)
# run xephyr with auth
Xephyr :1 -auth /tmp/xauth &
# set Xephyr as X server
DISPLAY=:1
# test
XAUTHORITY=/tmp/xauth xterm
# now try to connect to the server with a "generated" X
# authorization
rm -f /tmp/xauth2
# generate new authorization cookie into /tmp/xauth2
XAUTHORITY=/tmp/xauth xauth -f /tmp/xauth2 generate $DISPLAY .
# test X connection - it fails!
XAUTHORITY=/tmp/xauth2 xterm
I tested the same sequence of commands with the regular X server and it
worked just fine.
Note that the problem seems to be shared by Xnest as well.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-16-386
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Reply to: