Bug 372197 - wrong XAUTHORITY setting leads to crashing kscreenlocker_greeter
Summary: wrong XAUTHORITY setting leads to crashing kscreenlocker_greeter
Status: RESOLVED NOT A BUG
Alias: None
Product: kscreenlocker
Classification: Plasma
Component: greeter (show other bugs)
Version: unspecified
Platform: openSUSE Linux
: NOR normal
Target Milestone: ---
Assignee: Plasma Bugs List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-07 21:01 UTC by Stefan Brüns
Modified: 2016-11-12 16:39 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Brüns 2016-11-07 21:01:51 UTC
ksmserver somehow gets an erroneous XAUTHORITY setting:

$> cat /proc/2453/environ | tr '\0' '\n' | grep XAUTHORITY
XAUTHORITY=/home/sbruens/.Xauthority

whereas everything else in the session has:
$> echo $XAUTHORITY 
/tmp/xauth-1000-_0

/tmp/xauth-1000-_0 is the correct file.

The bad XAUTHORITY results in the dreaded "The screen locker is broken and unlocking is not possible anymore.", as any connections to the X server fail.

Display manager is SDDM.
Comment 1 Martin Flöser 2016-11-08 06:29:28 UTC
How does the XAUTHORITY look like for e.g. kwin_x11?
Comment 2 Stefan Brüns 2016-11-08 15:30:03 UTC
Side note: this seems to also affect the "Logout", "Reboot" Actions from KDE->Leave menu
Comment 3 Stefan Brüns 2016-11-08 15:43:37 UTC
for pid in 2388 2389 2393 2446 2428 2433 2439 ; do echo -n "$pid: " ; cat /proc/$pid/cmdline | tr '\0' ' ' ; echo -ne "\n\t" ; cat /proc/$pid/environ | tr '\0' '\n' | grep XAUTHORITY; echo ; done

2388: /usr/lib64/libexec/kf5/start_kdeinit --kded +kcminit_startup 
        XAUTHORITY=/home/sbruens/.Xauthority

2389: kdeinit5: Running...                                   

2393: kded5 [kdeinit5]                                       

2446: /usr/bin/konsole -session 101bc139153117000146712520700000035260022_1478617649_467193 
        XAUTHORITY=/tmp/xauth-1000-_0

2428: /usr/bin/ksmserver 
        XAUTHORITY=/home/sbruens/.Xauthority

2433: kwin_x11 -session 101bc139153117000142961805600000019630002_1478617650_383503 
        XAUTHORITY=/home/sbruens/.Xauthority

2439: plasmashell --shut-up 
        XAUTHORITY=/home/sbruens/.Xauthority



pstree -A -p sbruens | grep  '+'
akonadi_control(2602)-+-akonadi_akonote(2940)-+-{QDBusConnection}(2944)
                      |-akonadi_archive(2941)-+-{QDBusConnection}(2951)
                      ...
                      |-akonadi_notes_a(3072)-+-{QDBusConnection}(3097)
                      |-akonadi_sendlat(3078)-+-{QDBusConnection}(3116)
                      |-akonadiserver(2612)-+-mysqld(2636)-+-{mysqld}(2664)
at-spi-bus-laun(2867)-+-{dconf worker}(2869)
dconf-service(2425)-+-{gdbus}(2430)
gnome-keyring-d(2688)-+-{gdbus}(2698)
gvfsd(2884)-+-{gdbus}(2886)
gvfsd-fuse(2889)-+-{gdbus}(2903)
kaccess(2401)-+-{QDBusConnection}(2402)
kactivitymanage(2481)-+-{QDBusConnection}(2483)
kdeinit5(2389)-+-firefox(2512)-+-Web Content(3000)-+-{Chrome_ChildThr}(3008)
               |-kded5(2393)-+-{QDBusConnection}(2398)
               |-klauncher(2390)-+-{QDBusConnection}(2392)
               |-konsole(2446)-+-bash(2661)
               |               |-bash(2741)-+-grep(4753)
               |-korgac(2464)-+-{QDBusConnection}(2517)
               |-ksmserver(2428)-+-baloo_file(2436)---{QDBusConnection}(2452)
               |                 |-krunner(2437)-+-{QDBusConnection}(2458)
               |                 |-kwin_x11(2433)-+-{QDBusConnection}(2434)
               |                 |-plasmashell(2439)-+-{QDBusConnection}(2453)
               |                 |-polkit-kde-auth(2440)-+-{QDBusConnection}(2445)
               |                 |-xembedsniproxy(2441)-+-{QDBusConnection}(2451)
               `-org_kde_powerde(2456)-+-{QDBusConnection}(2461)
kglobalaccel5(2412)-+-{QDBusConnection}(2415)
kscreen_backend(2417)-+-{QDBusConnection}(2427)
kwalletd5(2610)-+-{QDBusConnection}(2633)
pulseaudio(2503)-+-{alsa-sink-ALC66}(2564)
startkde(2266)-+-gpg-agent(2352)
Comment 4 Martin Flöser 2016-11-08 16:56:01 UTC
Given the output it seems like konsole is the odd one. It's a dbus activated application as far as I know.

Anyway I think you need to forward this report to your distribution. Somehow the wrong xauthority ends up in your session. That is outside of kde's code
Comment 5 Stefan Brüns 2016-11-08 17:10:58 UTC
All processes with ~/.Xauthority are children of ksmserver, so this is expected.

powerdevil, akonadi, firefox all have /tmp/xauth_1000-_0 in its env.
Comment 6 Martin Flöser 2016-11-08 21:19:30 UTC
In the end all processes should be children of ksmserver. It's weird if you have processes which are not.

But anyway: distro topic
Comment 7 Stefan Brüns 2016-11-08 22:48:46 UTC
The processes which are not children of ksmserver are all programs which were restored from a previous session.
Comment 8 Stefan Brüns 2016-11-10 00:17:18 UTC
Actually, both ~/.Xauthority and /tmp/xauth-$UID-_$DISPLAY are correct locations, see https://cgit.kde.org/kinit.git/tree/src/kdeinit/kinit.cpp#n1470 for details.

The problem is caused by sddm.

When selecting "Switch User" and then starting a new session for an already logged in user (which I triggered inadvertently from the lock screen, which sometimes misbehaves on a dual screen setup - different bug), sddm replaces the contents of the ~/Xauthority file.
Comment 9 Martin Flöser 2016-11-10 06:20:07 UTC
Good investigation! But that also means it's not a bug in our software. We can hardly protect against another process replacing the authority file ;-)
Comment 10 Stefan Brüns 2016-11-11 16:23:41 UTC
Although I agree its not a bug in kscreenlocker, I still have two remarks:

1. kscreenlocker_greet is hard to debug, as it immediate turns of ptrac'ing, and only allows it late during the initialization if '--testing' is set. Imho it would be better to only disable ptrace right before app.exec().

I think from a security standpoint this would be fine as well, but allowed catching errors during initilization.

Relevant greeter code:
https://github.com/KDE/kscreenlocker/blob/42ad07d79785e51641f97f7d20709fee6ab54060/greeter/main.cpp#L63

If you agree, I would prepare a patch.


2. stderr is not catched by the screen locker daemon. When starting kscreenlocker_greet manually, e.g.:
$> XAUTHORITY=/home/stefan/.Xauthority_  /usr/lib64/libexec/kscreenlocker_greet --testing
No protocol specified
QXcbConnection: Could not connect to display :0
Abgebrochen

, there is a somewhat helpful error message ("No protocol specified" points clearly to xauth problems).
Comment 11 Martin Flöser 2016-11-12 16:39:28 UTC
No, I disagree on the ptrace change. It's important to get it set before any interaction with the windowing system is done. And that happens in QGuiApplication. Thus it needs to be before that.

The problem is also not the disable of ptrace, but the multi process architecture in general. In the source tree there is another test top which can simulate the architecture without having to rely on ksmserver. But requires to build from source.