Debian Bug report logs - #616667
X server crash due to "xauth generate" with large timeout

Package: xserver-xorg-core; Maintainer for xserver-xorg-core is Debian X Strike Force <debian-x@lists.debian.org>; Source for xserver-xorg-core is src:xorg-server.

Reported by: Ian Jackson <ijackson@chiark.greenend.org.uk>

Date: Sun, 6 Mar 2011 12:36:02 UTC

Severity: important

Found in version xorg-server/2:1.7.7-11

Forwarded to https://bugs.freedesktop.org/show_bug.cgi?id=35066


Report forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#616667; Package xserver-xorg. (Sun, 06 Mar 2011 12:36:04 GMT).


Acknowledgement sent to Ian Jackson <ijackson@chiark.greenend.org.uk>:
New Bug report received and forwarded. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Sun, 06 Mar 2011 12:36:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Ian Jackson <ijackson@chiark.greenend.org.uk>
To: submit@bugs.debian.org
Subject: X server crash due to "xauth generate" with large timeout
Date: Sun, 6 Mar 2011 12:32:21 +0000
Package: xserver-xorg
Version: 1:7.5+8

To reproduce:
 cp .Xauthority private/tmpfile
 xauth -f private/tmpfile generate $DISPLAY . untrusted timeout 1000000000

Actual behaviour:
My X server died.  The log message was:
 X: ../../Xext/security.c:323: SecurityAuthorizationExpired: Assertion `pAuth->timer == timer' failed.
 XIO:  fatal IO error 11 (Resource temporarily unavailable) on X server ":0.0"
       after 7385 requests (7224 known processed) with 0 events remaining.

Desired behaviour:
X auth cookie is replaced in private/tmpfile and X server does not
crash.  Alternatively, an error message (eg, that the timeout is too
large, or that the X request failed).

I was trying to make an untrusted cookie which would not time out.
Unfortunately that does not appear to be possible.  A timeout value of
1000000 seems to work; 10000000 crashes the server.

Ian.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#616667; Package xserver-xorg. (Sun, 06 Mar 2011 13:39:06 GMT).


Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Sun, 06 Mar 2011 13:39:06 GMT).


Message #10 received at 616667@bugs.debian.org:

From: Cyril Brulebois <kibi@debian.org>
To: Ian Jackson <ijackson@chiark.greenend.org.uk>, 616667@bugs.debian.org
Subject: Re: Bug#616667: X server crash due to "xauth generate" with large timeout
Date: Sun, 6 Mar 2011 14:34:29 +0100
severity 616667 important
reassign 616667 xserver-xorg-core
found    616667 2:1.7.7-11
user     debian-x@lists.debian.org
usertag  squeeze-candidate
thanks

Hi Ian,

Ian Jackson <ijackson@chiark.greenend.org.uk> (06/03/2011):
> Package: xserver-xorg
> Version: 1:7.5+8
> 
> To reproduce:
>  cp .Xauthority private/tmpfile
>  xauth -f private/tmpfile generate $DISPLAY . untrusted timeout 1000000000
> 
> Actual behaviour:
> My X server died.  The log message was:
>  X: ../../Xext/security.c:323: SecurityAuthorizationExpired: Assertion `pAuth->timer == timer' failed.

ouch. Tagging as something we might want to fix in squeeze (until it's
investigated anyway).

>  XIO:  fatal IO error 11 (Resource temporarily unavailable) on X server ":0.0"
>        after 7385 requests (7224 known processed) with 0 events remaining.
> 
> Desired behaviour:
> X auth cookie is replaced in private/tmpfile and X server does not
> crash.  Alternatively, an error message (eg, that the timeout is too
> large, or that the X request failed).
> 
> I was trying to make an untrusted cookie which would not time out.
> Unfortunately that does not appear to be possible.  A timeout value of
> 1000000 seems to work; 10000000 crashes the server.

With 2:1.9.99.903-1, I'm getting:
| -(cyril@talisker)-(/tmp)-()
| $ xauth -f private generate $DISPLAY . untrusted timeout 1000000000
| xauth: (argv):1:  couldn't query Security extension on display ":42.0"

Will see if that's expected once I get some more info from a squeeze
system.

KiBi.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#616667; Package xserver-xorg. (Sun, 06 Mar 2011 13:39:08 GMT).


Acknowledgement sent to Ian Jackson <ijackson@chiark.greenend.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Sun, 06 Mar 2011 13:39:08 GMT).


Message #15 received at 616667@bugs.debian.org:

From: Ian Jackson <ijackson@chiark.greenend.org.uk>
To: 616667@bugs.debian.org
Subject: Re: Bug#616667: X server crash due to "xauth generate" with large timeout
Date: Sun, 6 Mar 2011 13:37:27 +0000
Cyril Brulebois writes ("Re: Bug#616667: X server crash due to "xauth generate" with large timeout"):
> With 2:1.9.99.903-1, I'm getting:
> | -(cyril@talisker)-(/tmp)-()
> | $ xauth -f private generate $DISPLAY . untrusted timeout 1000000000
> | xauth: (argv):1:  couldn't query Security extension on display ":42.0"
> 
> Will see if that's expected once I get some more info from a squeeze
> system.

"xauth generate" _replaces_ the cookie in the specified xauthority
file with an untrusted one.  That error message is the one you get if
you _already_ have an untrusted cookie in your xauthority file - ie,
if you run "xauth generate" for the second time without running the
"cp" again.

If you ran xauth generate without the -f option then I'm afraid you
have busticated your session.

Of course it may be that that error message is also the one you get if
a fixed server rejects your big timeout, but that should be easy
enough to test ...

Ian.




Severity set to 'important' from 'normal' Request was from Cyril Brulebois <kibi@debian.org> to control@bugs.debian.org. (Sun, 06 Mar 2011 13:39:10 GMT).


Bug reassigned from package 'xserver-xorg' to 'xserver-xorg-core'. Request was from Cyril Brulebois <kibi@debian.org> to control@bugs.debian.org. (Sun, 06 Mar 2011 13:39:10 GMT).


Bug No longer marked as found in versions xorg/1:7.5+8. Request was from Cyril Brulebois <kibi@debian.org> to control@bugs.debian.org. (Sun, 06 Mar 2011 13:39:11 GMT).


Bug Marked as found in versions xorg-server/2:1.7.7-11. Request was from Cyril Brulebois <kibi@debian.org> to control@bugs.debian.org. (Sun, 06 Mar 2011 13:39:12 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#616667; Package xserver-xorg-core. (Sun, 06 Mar 2011 15:30:03 GMT).


Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Sun, 06 Mar 2011 15:30:03 GMT).


Message #28 received at 616667@bugs.debian.org:

From: Cyril Brulebois <kibi@debian.org>
To: Ian Jackson <ijackson@chiark.greenend.org.uk>, 616667@bugs.debian.org
Subject: Re: Bug#616667: X server crash due to "xauth generate" with large timeout
Date: Sun, 6 Mar 2011 16:28:36 +0100
Ian Jackson <ijackson@chiark.greenend.org.uk> (06/03/2011):
> "xauth generate" _replaces_ the cookie in the specified xauthority
> file with an untrusted one.  That error message is the one you get
> if you _already_ have an untrusted cookie in your xauthority file -
> ie, if you run "xauth generate" for the second time without running
> the "cp" again.

No. What I got was due to #599657, still affecting sid/experimental.

KiBi.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#616667; Package xserver-xorg-core. (Sun, 06 Mar 2011 19:48:05 GMT).


Acknowledgement sent to Cyril Brulebois <kibi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Sun, 06 Mar 2011 19:48:05 GMT).


Message #33 received at 616667@bugs.debian.org:

From: Cyril Brulebois <kibi@debian.org>
To: Ian Jackson <ijackson@chiark.greenend.org.uk>, 616667@bugs.debian.org
Subject: Re: Bug#616667: X server crash due to "xauth generate" with large timeout
Date: Sun, 6 Mar 2011 20:44:36 +0100
forwarded 616667 https://bugs.freedesktop.org/show_bug.cgi?id=35066
thanks

Cyril Brulebois <kibi@debian.org> (06/03/2011):
> ouch. Tagging as something we might want to fix in squeeze (until
> it's investigated anyway).

Either I screwed up the analysis, or that's a bit silly. See the
upstream bug report for more info. Patches went to xorg-devel@ a few
seconds ago.

I guess the upcoming fixes will be backported to 1.7 and 1.9 branches,
so will probably land in r2 (xorg-server for r1 has already been
uploaded, I'm not sure we're going to have time to perform a new
upload just for that bug — or if it's worth it anyway).

KiBi.

Set Bug forwarded-to-address to 'https://bugs.freedesktop.org/show_bug.cgi?id=35066'. Request was from Cyril Brulebois <kibi@debian.org> to control@bugs.debian.org. (Sun, 06 Mar 2011 19:48:07 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian X Strike Force <debian-x@lists.debian.org>:
Bug#616667; Package xserver-xorg-core. (Wed, 21 Aug 2019 17:03:06 GMT).


Acknowledgement sent to Andrei Gudkov <gudokk@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian X Strike Force <debian-x@lists.debian.org>. (Wed, 21 Aug 2019 17:03:06 GMT).


Message #40 received at 616667@bugs.debian.org:

From: Andrei Gudkov <gudokk@gmail.com>
To: 616667@bugs.debian.org
Subject: X server crash due to "xauth generate" with large timeout
Date: Wed, 21 Aug 2019 20:01:36 +0300
Hi guys, 


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 30 21:49:32 2023; Machine Name: buxtehude
