Is xauth entry without display number valid?
msrb at suse.com
Mon Mar 19 09:11:58 UTC 2018
On čtvrtek 15. března 2018 19:45:01 CET Keith Packard wrote:
> According to comments in AuGetBest.c:
> * Match when:
> * either family or entry->family are FamilyWild or
> * family and entry->family are the same and
> * address and entry->address are the same
> * and
> * either number or entry->number are empty or
> * number and entry->number are the same
> * and
> * either name or entry->name are empty or
> * name and entry->name are the same
> This makes it sound like entries with an empty number field are valid
> and would match any incoming number.
Ok, thank you for the clarification!
> After a brief read through the xauth sources, it looks like that
> shouldn't be merging entries with empty number into entries with any
> number, but it also looks like there's no code which sorts entries with
> numbers before entries without numbers, and if the non-number entry
> occurs first in the file, you'll always match that.
It happens because `merge_entries` uses `match_auth` to recognize duplicate
entries. But `match_auth` is comparing entries using the rules you listed
above, so e.g. entry without number is merged with entry that has number,
wildcart entry is merged with anything...
I will prepare patch to change the duplicate recognition by some "normal"
comparison instead of using the matching rules.
Would it be ok if I also add sorting of the entries to: numbered, non-
> Suggestions on how to go about making this more sane are welcome; it
> might be best to just stop trying to use entries without numbers and go
> fix applications which are creating them. We could add warnings to
> xauth or even Xau, but I'm not sure that would be useful.
The only application that I am aware of that does this is GDM. They first
generate the authority file and then start X with "-displayfd", so they don't
know in advance which display number it will take.
It would be possible to create empty authority file and then fill it after X
started. No idea how willing would they be to accept such change.
More information about the xorg