Bug#884945: xdm: opens TCP port for (XDMCP?) LISTEN
Package: xdm
Version: 1:1.1.11-3
Severity: normal
Dear Maintainer,
When configured for XDMCP (to LISTEN on UDP port 177), xdm also opens
a random, high-numbered TCP (tcp6, IPv6) port to LISTEN. Currently my
xdm shows:
root@p639:~# netstat -anp | grep xdm
tcp6 0 0 :::51359 :::* LISTEN 2471/xdm
udp 0 0 0.0.0.0:177 0.0.0.0:* 2471/xdm
unix 3 [ ] STREAM CONNECTED 4867 2471/xdm
root@p639:~# lsof -p 2471 | grep -E -i 'udp|tcp|unix'
xdm 2471 root 1u unix 0xffff880118ee7480 0t0 4867 type=STREAM
xdm 2471 root 3u IPv6 8097 0t0 TCP *:51359 (LISTEN)
xdm 2471 root 4u IPv4 6954 0t0 UDP *:xdmcp
root@p639:~#
I wonder whether this is a recurrence of bug#239341.
Please let me know if I should investigate further.
Thanks, Paul
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 9.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 4.9.65-pk09.06-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages xdm depends on:
ii cpp 4:6.3.0-4
ii debconf [debconf-2.0] 1.5.61
ii libc6 2.24-11+deb9u1
ii libpam0g 1.1.8-3.6
ii libselinux1 2.6-3+b3
ii libx11-6 2:1.6.4-3
ii libxau6 1:1.0.8-1
ii libxaw7 2:1.0.13-1+b2
ii libxdmcp6 1:1.1.2-3
ii libxext6 2:1.3.3-1+b2
ii libxft2 2.3.2-1+b2
ii libxinerama1 2:1.1.3-1+b3
ii libxmu6 2:1.1.2-2
ii libxpm4 1:3.5.12-1
ii libxrender1 1:0.9.10-1
ii libxt6 1:1.1.5-1
ii lsb-base 9.20161125
ii procps 2:3.3.12-3
ii x11-utils 7.7+3+b1
ii x11-xserver-utils 7.7+7+b1
ii xbase-clients 1:7.7+19
xdm recommends no packages.
xdm suggests no packages.
-- Configuration Files:
/etc/X11/xdm/Xaccess changed:
* #any host can get a login window
LISTEN 0.0.0.0
/etc/X11/xdm/Xresources changed:
Xcursor.theme: whiteglass
xlogin*login.translations: #override \
<Key>Escape: abort-display()\n\
Ctrl<Key>R: abort-display()\n\
<Key>F11: set-session-argument(failsafe)\n\
<Key>Delete: delete-character()\n\
<Key>Left: move-backward-character()\n\
<Key>Right: move-forward-character()\n\
<Key>Home: move-to-begining()\n\
<Key>End: move-to-end()\n\
<Key>Tab: finish-field()\n\
<Key>Return: finish-field()\n\
<Key>KP_Enter: finish-field()
!xlogin*greeting: Welcome to CLIENTHOST
!xlogin*namePrompt: \040\040\040\040\040\040\040Login:
!xlogin*fail: Login incorrect or forbidden by policy
xlogin*greeting: CLIENTHOST
xlogin*namePrompt: \040\040\040\040\040\040Login:
!!! Should not this come from PAM??
xlogin*fail: Login incorrect
xlogin.Login.echoPasswd: true
xlogin.Login.echoPasswdChar: *
xlogin*greetFont: -adobe-helvetica-bold-o-normal--24-240-75-75-p-138-iso8859-1
xlogin*font: -adobe-helvetica-medium-r-normal--18-180-75-75-p-98-iso8859-1
xlogin*promptFont: -adobe-helvetica-bold-r-normal--18-180-75-75-p-103-iso8859-1
xlogin*failFont: -adobe-helvetica-bold-r-normal--18-180-75-75-p-103-iso8859-1
xlogin*greetFace: Serif-24:bold:italic
xlogin*face: Helvetica-18
xlogin*promptFace: Helvetica-18:bold
xlogin*failFace: Helvetica-18:bold
xlogin*greetFont: -adobe-helvetica-bold-o-normal--17-120-100-100-p-92-iso8859-1
xlogin*font: -adobe-helvetica-medium-r-normal--12-120-75-75-p-67-iso8859-1
xlogin*promptFont: -adobe-helvetica-bold-r-normal--12-120-75-75-p-70-iso8859-1
xlogin*failFont: -adobe-helvetica-bold-o-normal--14-140-75-75-p-82-iso8859-1
xlogin*greetFace: Serif-18:bold:italic
xlogin*face: Helvetica-12
xlogin*promptFace: Helvetica-12:bold
xlogin*failFace: Helvetica-14:bold
xlogin*borderWidth: 1
xlogin*frameWidth: 5
xlogin*innerFramesWidth: 2
xlogin*shdColor: grey30
xlogin*hiColor: grey90
xlogin*background: grey
!xlogin*foreground: darkgreen
xlogin*greetColor: Blue3
xlogin*failColor: red
*Foreground: black
*Background: #fffff0
xlogin*borderWidth: 3
xlogin*frameWidth: 0
xlogin*innerFramesWidth: 1
xlogin*shdColor: black
xlogin*hiColor: black
!! No logo, we have background
!#if PLANES >= 8
!xlogin*logoFileName: /usr/share/X11/xdm/pixmaps/debian.xpm
!#else
!xlogin*logoFileName: /usr/share/X11/xdm/pixmaps/debianbw.xpm
!#endif
!xlogin*useShape: true
!xlogin*logoPadding: 10
XConsole.text.geometry: 480x130
XConsole.verbose: true
XConsole*iconic: true
XConsole*font: fixed
Chooser*geometry: 700x500+300+200
Chooser*allowShellResize: false
Chooser*viewport.forceBars: true
Chooser*label.font: *-new century schoolbook-bold-i-normal-*-240-*
Chooser*label.label: XDMCP Host Menu from CLIENTHOST
Chooser*list.font: -*-*-medium-r-normal-*-*-230-*-*-c-*-iso8859-1
Chooser*Command.font: *-new century schoolbook-bold-r-normal-*-180-*
/etc/X11/xdm/Xsession changed:
# Paths of the system-wide and per-user session files. Of these, only
# SYSSESSIONDIR is read by the code in this file; the others are
# presumably for the scripts sourced from that directory -- confirm there.
OPTIONFILE='/etc/X11/Xsession.options'
SYSRESOURCES='/etc/X11/Xresources'
USRRESOURCES="${HOME}/.Xresources"
SYSSESSIONDIR='/etc/X11/Xsession.d'
USERXSESSION="${HOME}/.xsession"
USERXSESSIONRC="${HOME}/.xsessionrc"
ALTUSERXSESSION="${HOME}/.Xsession"
# Name this script was invoked as; showmsg prefixes every message with it.
PROGNAME=$0
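showmsg () {
  # Pretty-print a message of arbitrary length: always to stderr, and also
  # in a dialog when $DISPLAY is set and zenity or xmessage was found.
  # Globals:   PROGNAME, COLUMNS, DISPLAY, zenity, xmessage (read);
  #            MESSAGE (written)
  # Arguments: the words of the message, joined with "$*"
  # Returns:   status of the last command that ran
  MESSAGE="$PROGNAME: $*"
  # printf rather than echo, so a message that starts with "-n" or holds
  # backslashes is printed as it is.
  printf '%s\n' "$MESSAGE" | fold -s -w "${COLUMNS:-80}" >&2
  if [ -n "$DISPLAY" ]; then
    if [ -n "$zenity" ]; then
      "$zenity" --info --text "$MESSAGE"
    elif [ -n "$xmessage" ]; then
      # "$xmessage" is quoted like "$zenity" above: a helper path that
      # contains whitespace must stay one word.
      printf '%s\n' "$MESSAGE" | fold -s -w "${COLUMNS:-80}" |
        "$xmessage" -center -file -
    fi
  fi
}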
message () {
  # Alias for showmsg, kept because the scripts in /etc/X11/Xsession.d/*
  # call message(). showmsg joins its arguments with "$*" itself, so the
  # words can be handed over as they are.
  showmsg "$@"
}
errormsg () {
  # Report the arguments through showmsg, then end the script (and with it
  # the session start-up) with exit status 1.
  showmsg "$@"
  exit 1
}
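run_parts () {
  # List the regular files in directory $1 whose names consist only of
  # alphanumerics, "_" and "-", one "$1/NAME" per line, in glob order.
  # Stand-in until run-parts --noexec is implemented.
  # Arguments: $1 - directory to list
  # Outputs:   the matching paths on stdout
  # Exits (through errormsg) when $1 is empty or not a directory.
  if [ -z "$1" ]; then
    errormsg "run_parts() called without an argument."
  fi
  if [ ! -d "$1" ]; then
    errormsg "run_parts() called, but \"$1\" does not exist or is" \
             "not a directory."
  fi
  # A glob replaces the unquoted $(/bin/ls $1): a directory or file name
  # with whitespace is no longer split into several words.
  for F in "$1"/*; do
    F=${F##*/}
    # case replaces "expr $F : regex", which fails with a syntax error on
    # names that expr reads as keywords (length, index, match, substr), so
    # those files were silently skipped.
    case "$F" in
      '' | *[![:alnum:]_-]*)
        continue
        ;;
    esac
    if [ -f "$1/$F" ]; then
      printf '%s\n' "$1/$F"
    fi
  done
}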
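# Per-user log that receives all further output of this script.
ERRFILE="$HOME/.xsession-errors"
# Clear away anything at that path that is not a regular file. The path
# is quoted and preceded by "--": unquoted, a home directory containing
# whitespace made the test fail with a syntax error and then handed
# "rm -rf" the separate pieces of the path.
[ -f "$ERRFILE" ] || rm -rf -- "$ERRFILE"
# Create the file with owner-only permissions, then insist that it is a
# writable regular file and not a symbolic link before truncating it.
if (umask 077 && touch "$ERRFILE") 2> /dev/null &&
   [ -f "$ERRFILE" ] &&
   [ -w "$ERRFILE" ] &&
   [ ! -L "$ERRFILE" ] &&
   chmod 600 "$ERRFILE" &&
   : > "$ERRFILE"; then
  SUCCESS=true
else
  errormsg "unable to create $ERRFILE, aborting."
fi
# From here on stdout and stderr are appended to the log.
exec >>"$ERRFILE" 2>&1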
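echo "$0: X session started for $LOGNAME at $(date)"
# Quoted so that a home directory with whitespace is one argument. A
# failure is logged and the start-up carries on, as it did before.
cd "$HOME" || echo "$0: cannot change directory to $HOME"
# Pull in the login environment: these files are sourced into this shell,
# so whatever they contain runs as part of the session start-up.
test -f /etc/profile && . /etc/profile
test -f "$HOME/.profile" && . "$HOME/.profile"
test -f /etc/xprofile && . /etc/xprofile
test -f "$HOME/.xprofile" && . "$HOME/.xprofile"
# Optional dialog helpers for showmsg; empty when not installed.
# "command -v" is the POSIX way to look a program up and, unlike which,
# does not need an external tool.
zenity=$(command -v zenity 2>/dev/null)
xmessage=$(command -v xmessage 2>/dev/null)
# The session that was asked for, as one string.
command="$*"
if [ -z "$command" ]; then
  command='(no command specified)'
fi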
# Per-user keyboard set-up: ~/.Xkbmap takes precedence over ~/.Xmodmap.
usermodmap="${HOME}/.Xmodmap"
userxkbmap="${HOME}/.Xkbmap"
if [ -f "$userxkbmap" ]; then
  # Left unquoted on purpose: the file content is split into the
  # separate arguments of setxkbmap.
  setxkbmap $(cat "$userxkbmap")
  XKB_IN_USE=yes
fi
# xmodmap is applied only when no XKB map was loaded above.
if [ -z "$XKB_IN_USE" ] && [ -f "$usermodmap" ]; then
  xmodmap "$usermodmap"
fi
unset XKB_IN_USE
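# Repair the X authority entry and log a before/after listing when it
# changed.
# The Perl script looks at the first line of "xauth list" only. When that
# line has the form
#   #ffff#HEX#:DISPLAY  MIT...  32-hex-digit-cookie
# and HEX is made up of the byte pairs 3N and 2e (ASCII digits and "."),
# HEX is decoded and an entry for DECODED:DISPLAY is added with the same
# protocol name and cookie. Nothing is added when HEX holds no "2e".
# NOTE(review): presumably this turns an address xauth could only print
# in hex into a dotted IPv4 display name -- confirm against the xauth
# output on an affected host.
WAS=$(xauth list 2>&1)
# xauth is started with an argument list, not through a shell command
# string: the DISPLAY field only has to match \S+, so it can carry shell
# metacharacters that a command string would have executed.
xauth list 2>/dev/null | perl -ne '
  ($h,$s,$m,$c)=m/^#ffff#((?:3\d|2e)*)#:(\S+)\s+(MIT\S+)\s+([0-9a-f]{32})$/ and
  $h=~s/2e/./g and $h=~s/3(\d)/$1/g and
  system "xauth", "add", "$h:$s", $m, $c;
  exit'
NOW=$(xauth list 2>&1)
if [ "$WAS" != "$NOW" ]; then
  echo
  echo "xauth before fix:"
  echo "$WAS"
  echo
  echo "xauth after fix:"
  echo "$NOW"
  echo
fi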
# Close every ptkmessage window that is still on this display.
# "xlsclients -l" prints a "Window 0x...:" line followed by the details of
# that client; the Perl script remembers the most recent window id and,
# when a "Command: ptkmessage" line follows, runs "xkill -id" on it.
# The id placed into the xkill command string is limited to 0x followed by
# word characters by the regular expression, so it carries no shell
# metacharacters.
# When no ptkmessage client was seen, that is logged once at the end.
xlsclients -l | perl -ne '
if (m/^Window (0x\w+):$/) { $w = $1; }
if (m/Command: ptkmessage/) {
$km = 1;
print "Killing ptkmessage at $w\n";
system "xkill -id $w >/dev/null";
}
END { $km or print "No ptkmessage seen in xlsclients\n"; }
'
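# Work out which session to start from the requested $command and the
# user's ~/.dmrc, and record an explicit choice back into ~/.dmrc.
# Reads:  command, HOME
# Writes: command and the positional parameters (default branch),
#         dmrcsess, X, and the file ~/.dmrc (explicit choice)
dmrcdefault='/usr/lib/gnome-flashback/gnome-flashback-metacity'
DMRCFILE="$HOME/.dmrc"
case "$command" in
  '' | default | '(no command specified)' )
    # User chose "system default" session, which is default.
    # See if user has something more sensible in ~/.dmrc already.
    # The GDM3 default is gnome-session; that works from GDM3,
    # but fails otherwise (why? complains about world rw access to
    # /dev/dri/card0, but still fails).
    # Seems that GDM3 needs
    # dpkg-reconfigure libpam-runtime
    # 1. Unix authentication
    # 2. Register user sessions in the systemd control group hierarchy
    # Would gnome-session need any more when started from outside GDM3?
    # (Flashback below is happy with just Unix authentication.)
    # Use "gnome classic" gnome-session-flashback as default.
    # Need:
    # apt-get install gnome-session-flashback
    # ln -s /usr/lib/gnome-panel/gnome-session-flashback /usr/bin/
    # Bizarre: that is just "gnome-session --session=gnome-flashback".
    # Reminder: we need Alt-rightclick (not just rightclick) to
    # arrange menus (panel items) in gnome-session-flashback.
    if [ -f "$DMRCFILE" ]; then
      # Value of the first "Session = ..." line, surrounding blanks removed.
      dmrcsess=$(perl -ne 's/^\s*Session\s*=\s*(\S.*\S)\s*$/$1/ and print,exit' "$DMRCFILE")
      if [ -n "$dmrcsess" ]; then
        case "$dmrcsess" in
          gnome | default | gnome-session-flashback )
            # Was "gnome" at squeeze gdm, it is "gnome-session" at gdm3;
            # but as commented above, using our default instead.
            echo "$0: ~/.dmrc has Session=$dmrcsess but using $dmrcdefault instead"
            dmrcsess="$dmrcdefault"
            ;;
          * )
            # Translate a session name into the Exec= line of its desktop
            # file, when there is one. The path is quoted because the name
            # comes from ~/.dmrc and may hold blanks or glob characters.
            # stderr goes to /dev/null: with "2>&-" the descriptor is
            # closed and the next file perl opens can land on fd 2.
            X=$(perl -ne 'print,exit if s/^Exec=//' "/usr/share/xsessions/$dmrcsess.desktop" 2>/dev/null)
            if [ -n "$X" ] && [ "$X" != "$dmrcsess" ]; then
              echo "$0: ~/.dmrc has Session=$dmrcsess but using $X (Exec in /usr/share/xsessions/$dmrcsess.desktop) instead"
              dmrcsess="$X"
            fi
            ;;
        esac
        echo "$0: Using Session=$dmrcsess from ~/.dmrc instead of $command"
        # Unquoted on purpose: the session line is split into the command
        # and its arguments.
        set -- $dmrcsess
        command="$*"
      else
        echo "$0: No Session=... line in ~/.dmrc so keep using $command"
      fi
    else
      #echo "$0: No file ~/.dmrc so keep using $1"
      echo "$0: No file ~/.dmrc so using $dmrcdefault instead of $command"
      set -- $dmrcdefault
      command="$*"
    fi
    ;;
  failsafe )
    echo "$0 failsafe session. Not recording in $DMRCFILE"
    # Do an xterm now... failsafe does NOT work via SESSIONFILES,
    # would use x-terminal-emulator and that says
    # Error constructing proxy for org.gnome.Terminal:/org/gnome/Terminal/Factory0: Error calling StartServiceByName for org.gnome.Terminal: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.gnome.Terminal exited with status 8
    # in $ERRFILE.
    # Show message but without waiting for OK
    ( showmsg "
Failsafe session: just an xterm.
Windows have focus only if you have the cursor above them.
Type 'exit' in the xterm window when done.
"; ) &
    #exec x-terminal-emulator -geometry 80x24+0+0
    exec xterm -geometry 80x24+0+0
    ;;
  * )
    # Got some (non-trivial?) session selection, record it in ~/.dmrc
    # in standard format.
    # printf instead of "echo -e": the session string is written as it
    # is, with no backslash sequences in it being interpreted, and the
    # result does not depend on which shell /bin/sh points to.
    printf '[Desktop]\nSession=%s\n' "$command" > "$DMRCFILE"
    echo "$0: Recorded Session=$command in ~/.dmrc"
    ;;
esac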
# Ask the site-local x11proxy helper for a display to use and switch the
# session over to it when the helper answers with a single DISPLAY=value
# word. Any other answer is logged and the display stays as it is.
echo "Doing x11proxy switch at $(date +%T.%N) ..."
X=$(/usr/sms/bin/x11proxy 2>&1)
D=
case "$X" in
  *' '* )
    # An answer containing a space is not a plain DISPLAY=value word.
    ;;
  DISPLAY=* )
    D=${X#DISPLAY=}
    ;;
esac
if [ -z "$D" ]; then
  echo "Cannot use x11proxy, it said:"
  echo "$X"
else
  echo "Using x11proxy: switching from $DISPLAY to DISPLAY=$D"
  # Keep the display we started on before replacing it.
  NXPROXY_DISPLAY="$DISPLAY"
  DISPLAY="$D"
  export NXPROXY_DISPLAY DISPLAY
  case "$DISPLAY" in
    como* | bari* ) # On como or bari only (no use elsewhere)
      # Set PULSE_SERVER for (possible, later) yt-pa-start
      PULSE_SERVER="${NXPROXY_DISPLAY%:*}"
      export PULSE_SERVER
      ;;
  esac
fi
echo " ... done x11proxy at $(date +%T.%N)"
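# Source every session script from the system session directory, in the
# order run_parts lists them. Each file runs inside this shell as the user
# who is logging in, so the directory and its files must be writable by
# root only.
SESSIONFILES=$(run_parts "$SYSSESSIONDIR")
if [ -n "$SESSIONFILES" ]; then
  # Unquoted on purpose: the list holds one path per word (run_parts only
  # returns names made of alphanumerics, "_" and "-").
  for SESSIONFILE in $SESSIONFILES; do
    # Quoted so the directory part of the path cannot be split or globbed.
    . "$SESSIONFILE"
  done
fi
# Reached only when none of the sourced scripts replaced this shell with
# the session: fall back to a bare xterm.
echo "$0: Executing $command failed, will try to run xterm"
( showmsg "
Could not start your $command session,
so have started the failsafe xterm session, instead.
Windows have focus only if you have the cursor above them.
Type 'exit' in the xterm window when done.
"; ) &
exec xterm -geometry 80x24+0+0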
/etc/X11/xdm/Xsetup changed:
# Set the background image of the display.
xsetbg /usr/share/images/desktop-base/moreblue-orbit-wallpaper-widescreen.jpg
# Show the policy banner in a window of its own, started in the background
# so that this script returns at once.
# NOTE(review): xdm normally runs its setup program as root, so this
# helper would stay connected to the display with that privilege until
# its window is closed -- confirm, and confirm that the session script
# always closes it.
/usr/sms/bin/ptkmessage -geometry -50-20 /usr/sms/etc/ICTRPolicy-banner &
/etc/X11/xdm/xdm-config changed:
!
!
!
!
!
DisplayManager.authDir: /var/lib/xdm
DisplayManager.errorLogFile: /var/log/xdm.log
DisplayManager.pidFile: /var/run/xdm.pid
DisplayManager.keyFile: /etc/X11/xdm/xdm-keys
DisplayManager.servers: /etc/X11/xdm/Xservers
DisplayManager.accessFile: /etc/X11/xdm/Xaccess
DisplayManager*resources: /etc/X11/xdm/Xresources
DisplayManager.willing: su nobody -s /bin/sh -c /etc/X11/xdm/Xwilling
! All displays should use authorization, but we cannot be sure
! X terminals will be configured to support it, so those that do not will
! require individual resource settings.
DisplayManager*authorize: true
!
DisplayManager*chooser: /usr/lib/X11/xdm/chooser
DisplayManager*startup: /etc/X11/xdm/Xstartup
DisplayManager*session: /etc/X11/xdm/Xsession
DisplayManager*setup: /etc/X11/xdm/Xsetup
DisplayManager*reset: /etc/X11/xdm/Xreset
DisplayManager*authComplain: true
DisplayManager*loginmoveInterval: 10
! SECURITY: do not listen for XDMCP or Chooser requests
! Comment out this line if you want to manage X terminals with xdm
! To allow XDMCP: just comment the line out, or hard-code port 177, which we know is right?
DisplayManager.requestPort: 177
/etc/X11/xdm/xdm.options changed:
no-ignore-nologin
no-restart-on-upgrade
no-start-on-install
use-sessreg
-- debconf information:
* shared/default-x-display-manager: xdm
xdm/stop_running_server_with_children: false
xdm/daemon_name: /usr/bin/xdm