Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 286350 - x11-apps/xdm: creates "unsecure" session
Summary: x11-apps/xdm: creates "unsecure" session
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo X packagers
URL:
Whiteboard:
Keywords: Inclusion
Depends on:
Blocks:
 
Reported: 2009-09-25 01:14 UTC by Boney McCracker
Modified: 2009-11-14 15:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
patch for xdm-1.1.9.ebuild (xdm-1.1.9-keepdir.diff,419 bytes, patch)
2009-10-25 10:27 UTC, Tim Weber 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Boney McCracker 2009-09-25 01:14:43 UTC 
From /var/log/xdm.log:
------------------------------------------------------------------------------
xdm info (pid 867): Starting
xdm info (pid 867): Starting X server on :0
xdm error (pid 867): cannot make authentication directory /var/lib/xdm/authdir: No such file or directory
------------------------------------------------------------------------------

I imagine the problem might relate to the addition of the following to /etc/xdm/xdm-config:
------------------------------------------------------------------------------
DisplayManager.authDir: /var/lib/xdm
------------------------------------------------------------------------------

I have not tested whether manually creating /var/lib/xdm resolves this problem.

According to the xdm man page, the "DisplayManager.authDir" resource specifies a directory under which  xdm  stores  authorization files  while  initializing  the session.  The default value is /var/lib/xdm.  Can be overridden for specific displays by DisplayManager.DISPLAY.authFile.

Since it looks like we are using the default value, one would expect this to work, unless there is a privileges or permissions problem.

Reproducible: Always

Steps to Reproduce:
start xdm at boot-up
Actual Results:  
xdm displays "This is an unsecure session" instead of the user's welcome text.
xdm.log receives: "cannot make authentication directory /var/lib/xdm/authdir: No such file or directory"

Expected Results:  
the xdm authdir should either be dynamically created or should be created by the ebuild during installation.

~ # emerge --info
Portage 2.1.6.13 (default/linux/x86/10.0, gcc-4.4.1, glibc-2.10.1-r0, 2.6.31-gentoo i686)
=================================================================
System uname: Linux-2.6.31-gentoo-i686-Intel-R-_Pentium-R-_4_CPU_1400MHz-with-gentoo-2.0.1
Timestamp of tree: Thu, 24 Sep 2009 23:45:02 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.0_p33
dev-java/java-config: 2.1.9-r1
dev-lang/python:     2.6.2-r2
dev-util/ccache:     2.4-r8
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.4.3-r3
sys-apps/sandbox:    2.1
sys-devel/autoconf:  2.13, 2.63-r1
sys-devel/automake:  1.10.2, 1.11
sys-devel/binutils:  2.19.1-r1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6a
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86 ~x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-O2 -march=pentium4 -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.gtlib.gatech.edu/pub/gentoo http://gentoo.osuosl.org/ http://open-systems.ufl.edu/mirrors/gentoo "
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
LDFLAGS="-Wl,-O1,--hash-style=gnu"
LINGUAS="en_US en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="X alsa berkdb bzip2 cairo caps cli consolekit cracklib crypt cups dbus dri exif ffmpeg gdbm gif gpm gtk hal iconv java jpeg lcms mmx modules mp3 mudflap ncurses nls nptl nptlonly nsplugin ogg opengl openmp pam pcre perl png python readline reflection session spl sse sse2 ssl svg sysfs theora threads tiff truetype unicode vorbis win32codecs x86 xcb xorg xulrunner zlib" ALSA_CARDS="emu10k1" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="evdev" KERNEL="linux" LINGUAS="en_US en" USERLAND="GNU" VIDEO_CARDS="nv"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Boney McCracker 2009-09-25 01:18:53 UTC 
mkdir /var/lib/xdm eliminated the problem.
Comment 2 Boney McCracker 2009-09-25 01:20:19 UTC 
Severity reduced to "minor" since there's an easy work-around.
Comment 3 Boney McCracker 2009-09-25 01:44:48 UTC 
Also, it seems the old location for the authdir was /etc/xdm.

Whatever creates the new location (/var/lib/xdm) should maybe just move that to the new location, or at least clean up the cruft.
Comment 4 Rémi Cardona (RETIRED) gentoo-dev 2009-10-09 21:50:23 UTC 
1) xorg-x11 is just a meta package.
2) I have no idea what exactly is in that directory so I can't really comment on how insecure that is

Thanks
Comment 5 Tim Weber 2009-10-10 00:24:45 UTC 
It’s insecure if that directory does not exist, since xdm can’t write its authfiles there and authorization is disabled then (see xdm man page, resources “DisplayManager.authDir” and “DisplayManager.DISPLAY.authorize”).

On my machine (xdm 1.1.9), a file /var/lib/xdm/authdir/authfiles/A:0-OL1aab is created when xdm starts. However, this only works when manually creating the /var/lib/xdm directory.

Suggestion: Modify the ebuild to put a .keep file into /var/lib/xdm, then everything is fine.
Comment 6 Mike Gualtieri 2009-10-18 01:12:23 UTC 
Had this problem on an update today... problem is resolved by adding the /var/lib/xdm directory as Tim suggests.
Comment 7 David Holl 2009-10-20 11:29:03 UTC 
Had the same problem today, and creating /var/lib/xdm fixed it.
Comment 8 Tim Weber 2009-10-25 10:27:54 UTC 
Created attachment 208192 [details, diff]
patch for xdm-1.1.9.ebuild

A working patch against the current Ebuild in Portage is attached.

Alternatively, you may use x11-apps/xdm-1.1.9-r1 located in my overlay (see http://scytale.name/proj/overlay/), which also includes an "xconsole" USE flag to remove the (imho) annoying xconsole in xdm.
Comment 9 Tomáš Chvátal (RETIRED) gentoo-dev 2009-10-25 10:31:28 UTC 
Patch is ok from my POV, remi what do you think :]
Comment 10 Rémi Cardona (RETIRED) gentoo-dev 2009-10-25 12:05:32 UTC 
ACK on the patch. Oh and feel free to remove the stable keywords from 1.1.9 if you beat me to it.

Thanks
Comment 11 Rémi Cardona (RETIRED) gentoo-dev 2009-11-14 15:35:49 UTC 
Fixed in 1.1.9 without a revbump since the ebuild is currently p.masked.

Thanks