Bug 287498 - x11-apps/xinit(in-tree and 9999): init.d, conf.d, X bugs/improvements
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Gentoo X packagers
Blocks: 342661
Reported: 2009-10-03 14:11 UTC by Fabio Erculiani (RETIRED)
Modified: 2012-07-20 17:31 UTC (History)



Attachments
init.d/xdm unsupported DISPLAYMANAGER improvement patch (xdm.init.d-unsupported-xdm-fixes.patch,544 bytes, patch)
2009-10-03 14:12 UTC, Fabio Erculiani (RETIRED)
xinit init.d/xdm conf.d/xdm improvements patch (my proposal) (xinit-improve-xdm-support-for-custom-dm.patch,1.96 KB, patch)
2009-10-07 17:41 UTC, Fabio Erculiani (RETIRED)
xinit init.d/xdm conf.d/xdm improvements patch (my proposal) [against 9999 ebuild] (xinit-improve-xdm-support-for-custom-dm.patch,1.93 KB, patch)
2009-10-10 06:33 UTC, Fabio Erculiani (RETIRED)
Ubuntu's Xsession.d xhost setup script file (60x11-common_localhost,151 bytes, text/plain)
2009-10-10 06:41 UTC, Fabio Erculiani (RETIRED)

Description Fabio Erculiani (RETIRED) gentoo-dev 2009-10-03 14:11:40 UTC
After discussing with scarabeus about upcoming new x11-apps/xinit-9999 (from x11 overlay), he asked me to file a bug listing all the issues, user-side troubles, bugs and improvements I can find (even debatable ones), with patches, where applicable.

1) /etc/init.d/xdm doesn't set PIDFILE for unsupported DISPLAYMANAGER values (in /etc/conf.d/xdm). XDMs that expect to get killed by parent process may hang there forever and prevent "/etc/init.d/xdm restart/stop" from working. So, what about always setting a default PIDFILE for unsupported DISPLAYMANAGERs? (see patch)

2) Changing hostname (like NetworkManager does inside certain networks) makes X explode (due to invalid MIT-MAGIC-COOKIE-1 afterwards). What about allowing local connections by default? This could be done inside x11-apps/xinit init scripts quite easily. We need to deal with users not expecting that changing hostname makes the world fall over. If you are ok, I can make a patch.

3) Also, we all know that sometimes users just don't read directions and common attitude is "echo -5 | etc-update". x11-apps/xinit ships with a default conf.d/xdm file that keeps overwriting user-visible changes (same thing happens with conf.d/keymaps, but that's another story, both very annoying btw). At the moment, conf.d/xdm only contains 2 settings, which are already default, so if you rm conf.d/xdm, you'll get the same behaviour if compared to the default one. So, like /etc/conf.d/net, which is not shipped there and only provided via a .example file, what about shipping instead with /etc/conf.d/xdm.example ?

I am told that filing a single bug was fine, if not, that's not a problem. I can file them separately.

Reproducible: Always

Steps to Reproduce:
Comment 1 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-03 14:12:41 UTC
Created attachment 205917
init.d/xdm unsupported DISPLAYMANAGER improvement patch
Comment 2 Tomáš Chvátal (RETIRED) gentoo-dev 2009-10-03 14:17:21 UTC
1) looks nice with the patch
3) this should be probably done because i myself know the users doing it this way.
2) here i dunno since i am not user of those network managing tools :]

@Rémy:
Any comments from ya? :]
Comment 3 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-03 14:30:33 UTC
About 2). Just type "hostname gentoooooooo" ;) and new apps won't start anymore.
Comment 4 Rémi Cardona (RETIRED) gentoo-dev 2009-10-03 22:06:34 UTC
1) maybe we can fix them or fix start-stop-daemon too? I don't really know that part very well just yet, I'd have to do more homework. Help welcome though :)

2) I think the default was changed in 1.7. If the new default is to allow all local connections by default, I don't mind backporting that default to 1.6. If not, we'd have to discuss it with the security team, I definitely don't want trouble from such a change.
Another solution would be to talk with NM's maintainers to restrict the hostname change with a new dhcp lease. I'm pretty sure ubuntu does that.

3) NAK, once we're done shifting things around in xinit, there won't be many updates, it's not officially part of Xorg anymore, and doesn't get that many releases.

Users who blindly update their system conf with -5 deserve no sympathy from us. So no, I don't intend to hack around dumb users.
Comment 5 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-05 06:36:51 UTC
(In reply to comment #4)
> 1) maybe we can fix them or fix start-stop-daemon too? I don't really know that
> part very well just yet, I'd have to do more homework. Help welcome though :)
> 

After having pondered a bit more, I think that a better solution is exporting a default PIDFILE value to /etc/conf.d/xdm so that people that are using custom (read: unsupported) DISPLAYMANAGERs can also set its pid file.

> 2) I think the default was changed in 1.7. If the new default is to allow all
> local connections by default, I don't mind backporting that default to 1.6. If
> not, we'd have to discuss it with the security team, I definitely don't want
> trouble from such a change.
> Another solution would be to talk with NM's maintainers to restrict the
> hostname change with a new dhcp lease. I'm pretty sure ubuntu does that.
> 

It's not a matter of NM or something, it's just `hostname somethingelse` that breaks X cookies. If the exact "fix" is in xserver 1.7, fine, otherwise, we should really fix this up (I have this issue since 2001 ;))

> 3) NAK, once we're done shifting things around in xinit, there won't be many
> updates, it's not officially part of Xorg anymore, and doesn't get that many
> releases.
> 
> Users who blindly update their system conf with -5 deserve no sympathy from us.
> So no, I don't intend to hack around dumb users.
> 

I know, but software should always be dumb-proof. No matter what the software does ;) (this IMHO)
Comment 6 Rémi Cardona (RETIRED) gentoo-dev 2009-10-06 13:47:18 UTC
(In reply to comment #5)
> After having pondered a bit more, I think that a better solution is exporting a
> default PIDFILE value to /etc/conf.d/xdm so that people that are using custom
> (read: unsupported) DISPLAYMANAGERs can also set its pid file.

Got a patch for review?

> It's not a matter of NM or something, it's just `hostname somethingelse` that
> breaks X cookies.

Again, got a patch for review?

> If the exact "fix" is in xserver 1.7, fine, otherwise, we
> should really fix this up (I have this issue since 2001 ;))

Come on, be honest here, users don't randomly change their hostnames every morning and dhcp clients can be told to not change the hostname (which IMHO should be the default).

There are much bigger issues to solve than this.

> I know, but software should always be dumb-proof. No matter what the software
> does ;) (this IMHO)

That one is a definitive no. If you want dumb-proof, then remove etc-update's -5 option. I won't bend over backwards on that one because users don't _want_ to do things correctly when we created tools to help them. So again, no.

Thanks
Comment 7 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-07 17:41:30 UTC
Created attachment 206350
xinit init.d/xdm conf.d/xdm improvements patch (my proposal)

This is the first patch, I tested it with DISPLAYMANAGER= kdm, gdm, xdm and with custom DISPLAYMANAGER w/ and w/o custom PIDFILE set.
Comment 8 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-07 18:01:34 UTC
(In reply to comment #6)
> 
> > It's not a matter of NM or something, it's just `hostname somethingelse` that
> > breaks X cookies.
> 
> Again, got a patch for review?

Ubuntu/RH/SUSE do something like this:
https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/276357 (comment #14 and on)
And host based auth in general is unsafe by definition anyway (just google it ;))

> Come on, be honest here, users don't randomly change their hostnames every
> morning and dhcp clients can be told to not change the hostname (which IMHO
> should be the default).

This is not a good reason. If it can happen, it should be fixed. If it happens once a month, once a year, it doesn't matter, it's broken. And NM just amplified the issue.

> 
> There are much bigger issues to solve than this.
> 

That's not a good reason for ignoring small issues. Let's start from these ones, very annoying. Other issues are discussed in other bugs ;)

> 
> That one is a definitive no. If you want dumb-proof, then remove etc-update's
> -5 option. I won't bend over backwards on that one because users don't _want_
> to do things correctly when we created tools to help them. So again, no.

I understand, but still, we have /usr/share/openrc/<something>/net.example or /etc/conf.d/net.example for a reason, this is more or less the same as /etc/conf.d/xdm. User-visible, critical (for users) settings there.

> 
> Thanks
> 

Thanks to you
Comment 9 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-07 18:03:01 UTC
Reopening, let me know what you think.
Comment 10 Tomáš Chvátal (RETIRED) gentoo-dev 2009-10-08 13:09:02 UTC
@Fabio:
Please base your patch on the xinit-9999 version, it does not exactly match together ;]
Comment 11 Rémi Cardona (RETIRED) gentoo-dev 2009-10-08 13:21:44 UTC
(In reply to comment #8)
> Ubuntu/RH/SUSE do something like this:
> https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/276357 (comment #14 and on)
> And host based auth in general is unsafe by definition anyway (just google it
> ;))

Well, then what we have now is _very_ secure. No-one can connect and use X! You can't beat that! ;)

On principle, I'm ok with adding this "somewhere" to xinit. Now we just need to define that place.

However, I'd still like the security team to be informed of such changes. They surely know more than us when it comes to security :)

> This is not a good reason. If it can happen, it should be fixed. If it happens
> once a month, once a year, it doesn't matter, it's broken. And NM just
> amplified the issue.

If I were Gentoo's dictator, I would have fixed NM not to do dhcp name changes because I just don't see the point of dhcp clients doing that in the first place. But since I've agreed to RH/Ubuntu's changes, let's just move on, shall we? :)

> I understand, but still, we have /usr/share/openrc/<something>/net.example or
> /etc/conf.d/net.example for a reason, this is more or less the same as
> /etc/conf.d/xdm. User-visible, critical (for users) settings there.

conf.d/net is so free-form that it just doesn't make any sense at all to try to provide anything else but an example file.

All the other conf.d files have a clear structure : variables, values and comments to help users.

xdm clearly falls in that category. And if it weren't for the fuss about the livedvd and all the revbumps that we made in a few days, you wouldn't have even noticed it.

So let's just fix the other bugs, we can always revisit this at a later time if the situation warrants such a change.

Thanks
Comment 12 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-10 06:33:11 UTC
Created attachment 206615
xinit init.d/xdm conf.d/xdm improvements patch (my proposal) [against 9999 ebuild]
Comment 13 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-10 06:34:46 UTC
Adding security@ to bug, see comment #11
Comment 14 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-10 06:41:20 UTC
Created attachment 206617
Ubuntu's Xsession.d xhost setup script file

This is the script used by Ubuntu Jaunty taken from their sources to allow local X connections.

See: http://packages.ubuntu.com/jaunty/xorg
Comment 15 Fabio Erculiani (RETIRED) gentoo-dev 2009-10-26 13:02:42 UTC
I pushed to the "sabayon" overlay all the changes to make xinit bulletproof (including ubuntu patch). Have a look here: http://gitweb.sabayon.org/?p=overlay.git;a=commit;h=da52b9098a7336ea80005d38b2845f29426863dd

Any chance to have them merged?
All tested and working.
Comment 16 Rémi Cardona (RETIRED) gentoo-dev 2009-11-05 22:01:02 UTC
xhost patch added to the overlay.

Thanks
Comment 17 Fabio Erculiani (RETIRED) gentoo-dev 2009-11-06 20:53:08 UTC
Thx Remi ;)
Comment 18 Patrik Huber 2009-12-28 22:32:08 UTC
Is it possible, that this is not fixed correctly? I have the following problem:
My normal hostname is "gentoo" and everything works fine. Now if I do "sudo hostname gentoooo", no Xorg application starts, e.g.:

$ gedit
No protocol specified
(gedit:24188): Gtk-WARNING **: cannot open display: :0.0
$ gnome-terminal 
No protocol specified
Failed to parse arguments: Cannot open display: 

If I do "sudo hostname gentoo", everything works fine again. Seems like this fix is not working?


/etc/X11/xinit/xinitrc.d/00-xhost is there with

>[ -x /usr/bin/xhost ] && [ -x /usr/bin/id ] &&
>        xhost +si:localuser:`id -un` > /dev/null 2>&1




# emerge --info
Portage 2.1.7.16 (default/linux/amd64/10.0, gcc-4.4.2, glibc-2.11-r1, 2.6.31-gentoo-r6 x86_64)
=================================================================
System uname: Linux-2.6.31-gentoo-r6-x86_64-Intel-R-_Core-TM-2_Duo_CPU_L9400_@_1.86GHz-with-gentoo-2.0.1
Timestamp of tree: Mon, 28 Dec 2009 18:15:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.0_p35
dev-lang/python:     2.6.4, 3.1.1-r1
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.8.0
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.0
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.13, 2.65
sys-devel/automake:  1.10.3, 1.11.1
sys-devel/binutils:  2.20
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA PUEL"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=core2 -msse4.1 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -march=core2 -msse4.1 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests ccache distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://mirror.switch.ch/ftp/mirror/gentoo"
LANG="C"
LDFLAGS="-Wl,-O1"
LINGUAS="en"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="X acl acpi amd64 berkdb bzip2 cdr cli consolekit corefonts cracklib crypt cups cxx dbus dri dvd dvdr fortran fuse gdbm gif gnome gnome-keyring gpm gtk hal iconv ipv6 jpeg laptop mmx modules mp3 mudflap multilib ncurses networkmanager nls nptl nptlonly openmp pam pcre perl png policykit pppd pulseaudio python readline reflection session spl sse sse2 ssl svg sysfs tcpd tiff truetype unicode xinerama xorg xulrunner zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev vmmouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel vmware" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 19 Rémi Cardona (RETIRED) gentoo-dev 2009-12-28 22:51:22 UTC
(In reply to comment #18)
> Is it possible, that this is not fixed correctly? I have the following problem:
> My normal hostname is "gentoo" and everything works fine. Now if I do "sudo
> hostname gentoooo", no Xorg application starts, e.g.:

I consider startx to be a debugging utility ("does X start ok?"). TBH, I'll only fix this if I'm really really bored. So if you could try to figure out why xhost isn't being called properly, I'd appreciate it. I'll gladly apply fixes/patches.

Adding "set -x" to one of the scripts somewhere will probably help you figure this out.

Thanks
Comment 20 Patrik Huber 2009-12-28 23:00:24 UTC
Sorry to ask, what do you mean with:

> I consider startx to be a debugging utility ("does X start ok?"). 

? I did not talk about startx, did I?
With "no Xorg application starts" I meant - Xorg and gnome load absolutely fine. But all applications like gedit/gnome-terminal etc do not open anymore (see log above).


> So if you could try to figure out why xhost isn't being called properly, I'd appreciate it.
> Adding "set -x" to one of the scripts somewhere will probably help you figure
> this out.

I can try this. Thanks for the hint with set -x.

Regards
Comment 21 Fabio Erculiani (RETIRED) gentoo-dev 2009-12-28 23:09:10 UTC
The fix works here. Maybe it doesn't get executed by your login/display manager? What are you using, gdm I guess?
Moreover, could you paste here the output of `stat /etc/X11/xinit/xinitrc.d/00-xhost`?
Last request, could you make sure that such script is "sourced" (actually called) by something during logon phase? (perhaps add something like 'echo "foo" > /tmp/foo')
Comment 22 Patrik Huber 2009-12-29 09:16:44 UTC
I think the problem is solved. xhost was not installed on my system. Maybe, if the script /etc/X11/xinit/xinitrc.d/00-xhost is installed by default, the program xhost should also be a dependency of the x-server? Or how should a user know this?

If I set another hostname than "gentoo", everything starts now - though with

> _IceTransSocketUNIXConnect: Cannot connect to non-local host gentoo
> _IceTransSocketUNIXConnect: Cannot connect to non-local host gentoo
> 
> (gedit:5396): EggSMClient-WARNING **: Failed to connect to the session manager: Could not open network socket

but it runs correctly.

Thanks to you two.
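
The failure mode found in comment 22, as an added example (not code from this bug or from xinit): the guard in 00-xhost silently does nothing when /usr/bin/xhost is missing, so this sketch reports which guarded binaries are absent and classifies the access list that `xhost` prints. The function names, the optional root-prefix argument and the sample `xhost` output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit what the 00-xhost script is supposed to have set up.

# Print each binary that the 00-xhost guard tests with [ -x ... ] but that
# is not executable. $1 is an optional root prefix (hypothetical, useful for
# checking a chroot or an unpacked image); empty means the running system.
missing_guard_tools() {
    root=${1:-}
    for tool in /usr/bin/xhost /usr/bin/id; do
        [ -x "$root$tool" ] || echo "$tool"
    done
}

# Read `xhost` output on stdin and print one finding per line for user $1.
# Live usage: xhost | classify_xhost "$(id -un)"
classify_xhost() {
    user=$1
    state=unknown
    user_ok=no
    while IFS= read -r line; do
        case $line in
            "access control enabled"*)  state=enabled ;;
            "access control disabled"*) state=disabled ;;   # any client may connect
            "SI:localuser:$user")       user_ok=yes ;;      # entry 00-xhost adds
            SI:localuser:*)             echo "other-user ${line#SI:localuser:}" ;;
            INET:*|INET6:*)             echo "host-based $line" ;;  # trust by host name/address
        esac
    done
    echo "access-control $state"
    echo "localuser $user_ok"
}

# Constructed sample of `xhost` output (not captured from the reporter's system).
SAMPLE='access control enabled, only authorized clients can connect
SI:localuser:root
INET:gentoo
SI:localuser:alice'

printf '%s\n' "$SAMPLE" | classify_xhost alice
```

A "localuser no" result together with a non-empty `missing_guard_tools` list matches the situation in comment 22: the script is installed but never added the entry.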
Comment 23 Fabio Erculiani (RETIRED) gentoo-dev 2009-12-29 10:52:49 UTC
Correct, we may want to add xhost to xinit RDEPEND, Rémi?
Comment 24 Rémi Cardona (RETIRED) gentoo-dev 2009-12-29 20:18:08 UTC
Yeah, we can add it to RDEPEND next to xauth. We'll need to also patch the overlay...

Thanks
Comment 25 Fabio Erculiani (RETIRED) gentoo-dev 2010-01-09 22:40:59 UTC
Also, I realized that xhost permissions should be given to root too (and not just to `id -un`). Otherwise apps launched with "sudo" or "su" are unable to talk to X.

If you ack, I can merge both updates. About xhost, it's just a matter of adding:
xhost +si:localuser:root > /dev/null 2>&1
beside the already present xhost command.

Comment 26 Rémi Cardona (RETIRED) gentoo-dev 2010-01-18 19:35:39 UTC
NAK, that's beyond the scope of the current bug.

But feel free to add the xhost dep yourself though, I won't be able to do portage work soon.

Thanks
Comment 27 Lucian Muresan 2010-02-03 22:10:21 UTC
Is it documented somewhere, that a so-called "unsupported" display manager (btw, is there an official, trusted list of those supported besides reading the code of the init.d script?) has to be set with its full path in /etc/conf.d/xdm in order to be used by the init script?

There is also no output in case one sets for example just DISPLAYMANAGER="slim" (like things work with the supported ones) instead of DISPLAYMANAGER="/usr/bin/slim" and slim never starts and no logging is done...

After finding this out, things work well as expected, but a hint about the full path for unsupported display managers in /etc/conf.d/xdm.example would save users from debugging the init script. Also, maybe a clear statement about which the supported ones are would be beneficial, or even better, treat all consistently equal if possible in the init script (i.e. without the need of giving full path).
Comment 28 Fabio Erculiani (RETIRED) gentoo-dev 2010-04-21 08:42:36 UTC
I think we should officially support slim.
Comment 29 Rémi Cardona (RETIRED) gentoo-dev 2010-04-22 05:43:35 UTC
Slim _is_ supported (since it's in portage) but it's quite buggy and could definitely use more man power to improve it.

Cheers
Comment 30 Fabio Erculiani (RETIRED) gentoo-dev 2010-07-14 10:14:12 UTC
Any update on the slim/other_login_managers support status?
Comment 31 Fabio Erculiani (RETIRED) gentoo-dev 2011-01-22 18:15:35 UTC
Most of the things have been merged to xinit already, is there any reason to keep this bug open?
Comment 32 Fabio Erculiani (RETIRED) gentoo-dev 2012-07-20 17:31:56 UTC
Apparently, no.