[Bug 1174593] pam_xauth(.so) module is extremely slow on Leap 15.2
https://bugzilla.suse.com/show_bug.cgi?id=1174593
https://bugzilla.suse.com/show_bug.cgi?id=1174593#c26
--- Comment #26 from Josef Möllers <josef.moellers@suse.com> ---
(In reply to Dr. Werner Fink from comment #25)
(In reply to Josef Möllers from comment #24)
(In reply to Dr. Werner Fink from comment #23)
On the other hand ... the pam_xauth already running as root knows about the original user and can execute the reading xauth (with option -i) as user werner
I'm not sure what you mean by "knows about the original user". As far as I can see, it does not: PAM_USER is "root", so all traces of the previous user are lost.
At least the pam_unix seems to know
Oct 02 10:46:02 boole sudo[18052]: pam_unix(sudo-i:session): session opened for user root by werner(uid=0)
This pam_unix gets from
    pam_get_item(pamh, PAM_USER, (void *) &user_name);
pam_xauth does
    pam_get_user(pamh, &user, NULL)
    +-->retval = pam_set_item(pamh, PAM_USER, resp->resp);
which sets PAM_USER to the new user's name
    tpwd = pam_modutil_getpwnam(pamh, user);
    :
    if (debug) {
        pam_syslog(pamh, LOG_DEBUG,
                   "requesting user %lu/%lu, target user %lu/%lu",
                   (unsigned long) rpwd->pw_uid,
                   (unsigned long) rpwd->pw_gid,
                   (unsigned long) tpwd->pw_uid,
                   (unsigned long) tpwd->pw_gid);
Oct 02 10:46:02 boole sudo[18052]: pam_xauth(sudo-i:session): requesting user 0/0, target user 0/0
Hm ... when collecting this stuff, it occurred to me that pam_xauth could retrieve the old user name prior to calling pam_get_user() ... stay tuned ...
Oct 02 10:46:02 boole sudo[18052]: pam_xauth(sudo-i:session): current and target user are the same, forward X11
Oct 02 10:46:02 boole sudo[18052]: pam_xauth(sudo-i:session): reading keys from `/dev/shm/.xauth.j391gjD'
Oct 02 10:46:02 boole sudo[18052]: pam_xauth(sudo-i:session): running "/usr/bin/xauth -f /dev/shm/.xauth.j391gjD nlist :3" as 0/0
Oct 02 10:48:00 boole sudo[18052]: pam_xauth(sudo-i:session): no key
last line does not work as the fifo there is not open with -i
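
Added example, not part of the bug comment and not pam_xauth code: a small Python check that finds the stall visible in the log lines quoted above by measuring the gap between consecutive pam_xauth messages of the same process. The function name `find_stalls`, the 5-second threshold and the default year (syslog timestamps carry none) are assumptions made for this illustration.

```python
import re
from datetime import datetime

# Log lines copied from the comment above (host "boole", sudo PID 18052).
SAMPLE = """\
Oct 02 10:46:02 boole sudo[18052]: pam_xauth(sudo-i:session): requesting user 0/0, target user 0/0
Oct 02 10:46:02 boole sudo[18052]: pam_xauth(sudo-i:session): current and target user are the same, forward X11
Oct 02 10:46:02 boole sudo[18052]: pam_xauth(sudo-i:session): reading keys from `/dev/shm/.xauth.j391gjD'
Oct 02 10:46:02 boole sudo[18052]: pam_xauth(sudo-i:session): running "/usr/bin/xauth -f /dev/shm/.xauth.j391gjD nlist :3" as 0/0
Oct 02 10:48:00 boole sudo[18052]: pam_xauth(sudo-i:session): no key
"""

# timestamp, host, program[pid], then the pam_xauth(service:type) prefix
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]: "
    r"pam_xauth\((?P<svc>[^)]*)\): (?P<msg>.*)$"
)


def find_stalls(text, threshold=5, year=2020):
    """Return (pid, seconds, message_before, message_after) for every gap of
    at least `threshold` seconds between two consecutive pam_xauth messages
    logged by the same process. `year` is an assumed value, needed only
    because syslog timestamps omit it."""
    last = {}    # (program, pid) -> (timestamp, message) of the previous line
    stalls = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a pam_xauth line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["prog"], m["pid"])
        if key in last:
            gap = int((ts - last[key][0]).total_seconds())
            if gap >= threshold:
                stalls.append((m["pid"], gap, last[key][1], m["msg"]))
        last[key] = (ts, m["msg"])
    return stalls


if __name__ == "__main__":
    for pid, gap, before, after in find_stalls(SAMPLE):
        print(f"pid {pid}: {gap}s between {before!r} and {after!r}")
```

On the quoted lines this reports a single stall, between the xauth invocation and the "no key" message.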