Despite building a system with the -X flag, the pam_env.conf will contain the XAUTHORITY variable. pam_env.conf: XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY} This results in the following types of errors in the logs until it is commented out: Apr 7 22:30:01 host.domain.com PAM-env[21275]: Unknown PAM_ITEM: <XAUTHORITY> Apr 7 22:30:01 host.domain.com sshd[21275]: PAM pam_putenv: delete non-existent entry; XAUTHORITY Reproducible: Always Steps to Reproduce: This behavior was identical on 10 seperate (though similar) builds. Expected Results: If the system doesn't have X support at all (ex: a web server), it shouldn't complain in the logs about XAUTHORITY missing by default.
This is not a security bug.
It is a problem with the default PAM config. If it isn't a security bug, what kind of bug is it?
*** Bug 89001 has been marked as a duplicate of this bug. ***
Kirk, try the following: REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} #XAUTHORITY DEFAULT= OVERRIDE=@{XAUTHORITY} i.e., the first line is changed, DISPLAY stays as is and XAUTHORITY is commented out. This is IMHO caused by the "fix" introduced in Bug 69925.
I have reverted that "fix" in February already.