Ubuntu
sddm package

[upstream] Two sddm bugs with 16.04 – MIT-Magic cookie unpredictable for VNC / option "hideshell" buggy

Bug #1566542 reported by Dr. Uwe Meyer-Gruhl
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
sddm (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

SDDM with 16.04 LTS introduces two new problems that did not exist with 15.10 or 14.04:

1. The option HideShells in /etc/sddm.conf does not work correctly. When more than one shell is specified, the filter does not work and the matching users are listed in the greeting screen notwithstanding.

2. The xauthority (or MIT-MAGIC-COOKIE) file is no longer at /var/run/sddm/:0 but at an unpredictable location like /var/run/sddm/{ca7d6d45-9b4d-4a92-997e-c9c11081dea1} which is build by including a random UUID in the path. When trying to start x11vnc, for example, that file cannot be found. With 15.10, one could start x11vnc with '/usr/bin/x11vnc -auth /var/run/sddm/:0 -display :0 -rfbauth /etc/vncpasswd -rfbport 5943 -reopen -forever', this is no longer possible.

Especially the second bug is uncool with Ubuntu server for remote root servers.

Versions installed at time of bug-report:
sddm 0.13.0-1ubuntu5: amd64 i386
x11-vnc 0.9.13-1.2build1: amd64 i386

Upstream bug-reports:
[1] https://github.com/sddm/sddm/issues/621
(HideShells not working when multiple shells are specified)_
[2] https://github.com/sddm/sddm/issues/622
(MIT-MAGIC-COOKIE file location is unpredictable)

See original description
Revision history for this message
Flames_in_Paradise (ellisistfroh-deactivatedaccount) wrote :

hi!

I'm not aware if the second problem you are describing is a missing feature in SDDM.

To my opion it would be best to report this directly within the upstream project:

https://github.com/sddm/sddm/issues

Just found an older bug-report [1] that may be related or not.

[1] https://github.com/sddm/sddm/issues/273 (pam_ssh variables are not exported to session)

It will assist to mention the external bug no. here for follow-up.

Changed in sddm (Ubuntu):
status: New → Incomplete
Flames_in_Paradise (ellisistfroh-deactivatedaccount)
Changed in sddm (Ubuntu):
status: Incomplete → New
summary: - Two sddm bugs with 16.04
+ [upstream] Two sddm bugs with 16.04
description: updated
Flames_in_Paradise (ellisistfroh-deactivatedaccount)
summary: - [upstream] Two sddm bugs with 16.04
+ [upstream] Two sddm bugs with 16.04 – MIT-Magic cookie unpredictable for
+ VNC / option "hideshell" buggy
tags: added: kubuntu
tags: added: xenial
Revision history for this message
Flames_in_Paradise (ellisistfroh-deactivatedaccount) wrote :

Just added the information of github-bug-reports into bug-description here.

Flames_in_Paradise (ellisistfroh-deactivatedaccount)
description: updated
Revision history for this message
Flames_in_Paradise (ellisistfroh-deactivatedaccount) wrote :

Added versions of packages to bug-description. Could you check if those apply?

There is also an update-package request for X11-vnc -> bug #1516286 . Looks like this won't happen for Xenial.

Revision history for this message
Dr. Uwe Meyer-Gruhl (meyergru) wrote :

The versions are correct.

I doubt that the update of x11vnc would change anything with regard to the interoperability issue.

As a workaround for that, I resorted to use:

ExecStart=/bin/sh -c '/usr/bin/x11vnc -auth /var/run/sddm/* -display :0 -rfbauth /etc/vncpasswd -rfbport 5943 -reopen -forever'

in /etc/systemd/system/x11vnc. It would not work if more than one X display is in use.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in sddm (Ubuntu):
status: New → Confirmed
Revision history for this message
ITEAS (info-tux-pc) wrote :

maybe this is help to solve it https://bbs.archlinux.org/viewtopic.php?id=200823

Revision history for this message
Dr. Uwe Meyer-Gruhl (meyergru) wrote :

There is an even better fix, however, something like this should be included in the Ubuntu documentation for x11vnc as it is far from obvious...

One can put something like this into /usr/share/sddm/scripts/Xsetup:

/usr/bin/x11vnc -rfbauth /etc/vncpasswd -rfbport 5943 -reopen -forever &

Explanation: $XAUTHORITY and $DISPLAY are set with Xsetup script.

The reason being given for the unpredictable xauth name is that sddm should be able to handle multi-seat. I sets $XAUTHORITY and $DISPLAY for all dependend children, such as /usr/share/sddm/scripts/Xsetup.

In order to start x11vnc, one should include it in Xsetup instead of establishing an independend service in systemd (since x11vnc depends on the real X server, anyway, which in turn is started/controlled by sddm).

Revision history for this message
Dr. Uwe Meyer-Gruhl (meyergru) wrote :

Oh, and BTW: There will be no upstream fix for this, see: https://github.com/sddm/sddm/issues/622

Alberto Salvia Novella (es20490446e)
Changed in sddm (Ubuntu):
importance: Undecided → Medium
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.