Is xauth entry without display number valid?

Michal Srb msrb at
Mon Mar 19 09:11:58 UTC 2018

On čtvrtek 15. března 2018 19:45:01 CET Keith Packard wrote:
> According to comments in AuGetBest.c:
> 	/*
> 	 * Match when:
> 	 *   either family or entry->family are FamilyWild or
> 	 *    family and entry->family are the same and
> 	 *     address and entry->address are the same
> 	 *  and
> 	 *   either number or entry->number are empty or
> 	 *    number and entry->number are the same
> 	 *  and
> 	 *   either name or entry->name are empty or
> 	 *    name and entry->name are the same
> 	 */
> This makes it sound like entries with an empty number field are valid
> and would match any incoming number.

Ok, thank you for the clarification!

> After a brief read through the xauth sources, it looks like that
> shouldn't be merging entries with empty number into entries with any
> number, but it also looks like there's no code which sorts entries with
> numbers before entries without numbers, and if the non-number entry
> occurs first in the file, you'll always match that.

It happens because `merge_entries` uses `match_auth` to recognize duplicate 
entries. But `match_auth` is comparing entries using the rules you listed 
above, so e.g. entry without number is merged with entry that has number, 
wildcart entry is merged with anything...

I will prepare patch to change the duplicate recognition by some "normal" 
comparison instead of using the matching rules.

Would it be ok if I also add sorting of the entries to: numbered, non-
numbered, wildcard?

> Suggestions on how to go about making this more sane are welcome; it
> might be best to just stop trying to use entries without numbers and go
> fix applications which are creating them. We could add warnings to
> xauth or even Xau, but I'm not sure that would be useful.

The only application that I am aware of that does this is GDM. They first 
generate the authority file and then start X with "-displayfd", so they don't 
know in advance which display number it will take.

It would be possible to create empty authority file and then fill it after X 
started. No idea how willing would they be to accept such change.

Michal Srb

More information about the xorg mailing list