gsmartcontrol, gparted problems with userhelper and X credentials?
Adam Jackson
ajax at redhat.com
Tue Jan 3 17:22:11 UTC 2012
On 12/23/11 5:14 AM, Eric Smith wrote:
> I wrote:
> > Now if I try to launch gsmartcontrol from the Gnome Shell, I get
> > the prompt from userhelper for my password, but it fails to run.
> > From the command line, the same thing happens, but at least it
> > shows the error message "Gtk-WARNING **: cannot open display: :0".
>
> I withdraw the question. After rebooting the system, gsmartcontrol and
> gparted both work fine. I'm not sure what went wrong before.
I am.
You moved between networks, which caused your hostname to change [1].
This meant that the xauth cookie for your current session no longer
matched, because it embeds the hostname, because the spec says that's
what you do.
We set up X with two levels of authentication. The second is the
traditional xauth cookie mechanism, but the first matches against UID
instead [2]:
% DISPLAY=:0 xhost
access control enabled, only authorized clients can connect
SI:localuser:ajax
So this keeps normal users from being affected when the hostname
changes. But once you've switched UID you fall back to the xauth cookie
and things break.
I wrote a patch for this once:
https://bugzilla.redhat.com/show_bug.cgi?id=679486#c43
And it got no conclusive testing or whatever, I forget. The patch
itself is in package git, although not enabled in the libXau build:
http://pkgs.fedoraproject.org/gitweb/?p=libXau.git;a=commitdiff;h=bdfc287eca3dfeaf457d7607763beae782f0004b
If someone wanted to test it, that'd rule.
[1] - This is debateably correct.
[2] - The real reason we do this is because it eliminates the security
issues if your ~ is on NFS, and because it keeps you from needing to
touch (ie, wake up) the disk in the common case.
- ajax
More information about the devel
mailing list