Package: xdm Version: 1:1.1.11-3 Severity: normal Dear Maintainer,
When configured for XDMCP (to LISTEN on UDP port 177), xdm also opens a random, high-numbered TCP (tcp6, IPv6) port to LISTEN. Currently my xdm shows: root@p639:~# netstat -anp | grep xdm tcp6 0 0 :::51359 :::* LISTEN 2471/xdm udp 0 0 0.0.0.0:177 0.0.0.0:* 2471/xdm unix 3 [ ] STREAM CONNECTED 4867 2471/xdm root@p639:~# lsof -p 2471 | grep -E -i 'udp|tcp|unix' xdm 2471 root 1u unix 0xffff880118ee7480 0t0 4867 type=STREAM xdm 2471 root 3u IPv6 8097 0t0 TCP *:51359 (LISTEN) xdm 2471 root 4u IPv4 6954 0t0 UDP *:xdmcp root@p639:~# I wonder whether this is a recurrence of bug#239341. Please let me know if I should investigate further. Thanks, Paul Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 9.3 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (x86_64) Kernel: Linux 4.9.65-pk09.06-amd64 (SMP w/4 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages xdm depends on: ii cpp 4:6.3.0-4 ii debconf [debconf-2.0] 1.5.61 ii libc6 2.24-11+deb9u1 ii libpam0g 1.1.8-3.6 ii libselinux1 2.6-3+b3 ii libx11-6 2:1.6.4-3 ii libxau6 1:1.0.8-1 ii libxaw7 2:1.0.13-1+b2 ii libxdmcp6 1:1.1.2-3 ii libxext6 2:1.3.3-1+b2 ii libxft2 2.3.2-1+b2 ii libxinerama1 2:1.1.3-1+b3 ii libxmu6 2:1.1.2-2 ii libxpm4 1:3.5.12-1 ii libxrender1 1:0.9.10-1 ii libxt6 1:1.1.5-1 ii lsb-base 9.20161125 ii procps 2:3.3.12-3 ii x11-utils 7.7+3+b1 ii x11-xserver-utils 7.7+7+b1 ii xbase-clients 1:7.7+19 xdm recommends no packages. xdm suggests no packages. -- Configuration Files: /etc/X11/xdm/Xaccess changed: * #any host can get a login window LISTEN 0.0.0.0 /etc/X11/xdm/Xresources changed: Xcursor.theme: whiteglass xlogin*login.translations: #override \ <Key>Escape: abort-display()\n\ Ctrl<Key>R: abort-display()\n\ <Key>F11: set-session-argument(failsafe)\n\ <Key>Delete: delete-character()\n\ <Key>Left: move-backward-character()\n\ <Key>Right: move-forward-character()\n\ <Key>Home: move-to-begining()\n\ <Key>End: move-to-end()\n\ <Key>Tab: finish-field()\n\ <Key>Return: finish-field()\n\ <Key>KP_Enter: finish-field() !xlogin*greeting: Welcome to CLIENTHOST !xlogin*namePrompt: \040\040\040\040\040\040\040Login: !xlogin*fail: Login incorrect or forbidden by policy xlogin*greeting: CLIENTHOST xlogin*namePrompt: \040\040\040\040\040\040Login: !!! Should not this come from PAM?? xlogin*fail: Login incorrect xlogin.Login.echoPasswd: true xlogin.Login.echoPasswdChar: * xlogin*greetFont: -adobe-helvetica-bold-o-normal--24-240-75-75-p-138-iso8859-1 xlogin*font: -adobe-helvetica-medium-r-normal--18-180-75-75-p-98-iso8859-1 xlogin*promptFont: -adobe-helvetica-bold-r-normal--18-180-75-75-p-103-iso8859-1 xlogin*failFont: -adobe-helvetica-bold-r-normal--18-180-75-75-p-103-iso8859-1 xlogin*greetFace: Serif-24:bold:italic xlogin*face: Helvetica-18 xlogin*promptFace: Helvetica-18:bold xlogin*failFace: Helvetica-18:bold xlogin*greetFont: -adobe-helvetica-bold-o-normal--17-120-100-100-p-92-iso8859-1 xlogin*font: -adobe-helvetica-medium-r-normal--12-120-75-75-p-67-iso8859-1 xlogin*promptFont: -adobe-helvetica-bold-r-normal--12-120-75-75-p-70-iso8859-1 xlogin*failFont: -adobe-helvetica-bold-o-normal--14-140-75-75-p-82-iso8859-1 xlogin*greetFace: Serif-18:bold:italic xlogin*face: Helvetica-12 xlogin*promptFace: Helvetica-12:bold xlogin*failFace: Helvetica-14:bold xlogin*borderWidth: 1 xlogin*frameWidth: 5 xlogin*innerFramesWidth: 2 xlogin*shdColor: grey30 xlogin*hiColor: grey90 xlogin*background: grey !xlogin*foreground: darkgreen xlogin*greetColor: Blue3 xlogin*failColor: red *Foreground: black *Background: #fffff0 xlogin*borderWidth: 3 xlogin*frameWidth: 0 xlogin*innerFramesWidth: 1 xlogin*shdColor: black xlogin*hiColor: black !! No logo, we have background !#if PLANES >= 8 !xlogin*logoFileName: /usr/share/X11/xdm/pixmaps/debian.xpm !#else !xlogin*logoFileName: /usr/share/X11/xdm/pixmaps/debianbw.xpm !#endif !xlogin*useShape: true !xlogin*logoPadding: 10 XConsole.text.geometry: 480x130 XConsole.verbose: true XConsole*iconic: true XConsole*font: fixed Chooser*geometry: 700x500+300+200 Chooser*allowShellResize: false Chooser*viewport.forceBars: true Chooser*label.font: *-new century schoolbook-bold-i-normal-*-240-* Chooser*label.label: XDMCP Host Menu from CLIENTHOST Chooser*list.font: -*-*-medium-r-normal-*-*-230-*-*-c-*-iso8859-1 Chooser*Command.font: *-new century schoolbook-bold-r-normal-*-180-* /etc/X11/xdm/Xsession changed: OPTIONFILE=/etc/X11/Xsession.options SYSRESOURCES=/etc/X11/Xresources USRRESOURCES=$HOME/.Xresources SYSSESSIONDIR=/etc/X11/Xsession.d USERXSESSION=$HOME/.xsession USERXSESSIONRC=$HOME/.xsessionrc ALTUSERXSESSION=$HOME/.Xsession PROGNAME="$0" showmsg () { # pretty-print messages of arbitrary length; use xmessage if it # is available and $DISPLAY is set MESSAGE="$PROGNAME: $*" echo "$MESSAGE" | fold -s -w ${COLUMNS:-80} >&2 if [ -n "$DISPLAY" ]; then if [ -n "$zenity" ]; then "$zenity" --info --text "$MESSAGE" elif [ -n "$xmessage" ]; then echo "$MESSAGE" | fold -s -w ${COLUMNS:-80} | $xmessage -center -file - fi fi } message () { # Because scripts in /etc/X11/Xsession.d/* use message() showmsg "$*" } errormsg () { # exit script with error showmsg "$*" exit 1 } run_parts () { # until run-parts --noexec is implemented if [ -z "$1" ]; then errormsg "run_parts() called without an argument." fi if [ ! -d "$1" ]; then errormsg "run_parts() called, but \"$1\" does not exist or is" \ "not a directory." fi for F in $(/bin/ls $1); do if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then if [ -f "$1/$F" ]; then echo "$1/$F" fi fi done } ERRFILE="$HOME/.xsession-errors" [ -f $ERRFILE ] || rm -rf $ERRFILE if (umask 077 && touch "$ERRFILE") 2> /dev/null && [ -f "$ERRFILE" ] && [ -w "$ERRFILE" ] && [ ! -L "$ERRFILE" ] && chmod 600 "$ERRFILE" && : > "$ERRFILE"; then SUCCESS=true else errormsg "unable to create $ERRFILE, aborting." fi exec >>"$ERRFILE" 2>&1 echo "$0: X session started for $LOGNAME at $(date)" cd $HOME test -f /etc/profile && . /etc/profile test -f "$HOME/.profile" && . "$HOME/.profile" test -f /etc/xprofile && . /etc/xprofile test -f "$HOME/.xprofile" && . "$HOME/.xprofile" zenity=`which zenity 2>/dev/null` xmessage=`which xmessage 2>/dev/null` command="$*" if [ -z "$command" ] ; then command='(no command specified)' fi usermodmap="$HOME/.Xmodmap" userxkbmap="$HOME/.Xkbmap" if [ -f "$userxkbmap" ]; then setxkbmap `cat "$userxkbmap"` XKB_IN_USE=yes fi if [ -z "$XKB_IN_USE" ]; then if [ -f "$usermodmap" ]; then xmodmap "$usermodmap" fi fi unset XKB_IN_USE WAS=`xauth list 2>&1` xauth list 2>/dev/null | perl -ne ' ($h,$s,$m,$c)=m/^#ffff#((?:3\d|2e)*)#:(\S+)\s+(MIT\S+)\s+([0-9a-f]{32})$/ and $h=~s/2e/./g and $h=~s/3(\d)/$1/g and system "xauth add $h:$s $m $c"; exit' NOW=`xauth list 2>&1` if [ "$WAS" != "$NOW" ]; then echo echo "xauth before fix:" echo "$WAS" echo echo "xauth after fix:" echo "$NOW" echo fi xlsclients -l | perl -ne ' if (m/^Window (0x\w+):$/) { $w = $1; } if (m/Command: ptkmessage/) { $km = 1; print "Killing ptkmessage at $w\n"; system "xkill -id $w >/dev/null"; } END { $km or print "No ptkmessage seen in xlsclients\n"; } ' dmrcdefault='/usr/lib/gnome-flashback/gnome-flashback-metacity' DMRCFILE="$HOME/.dmrc" case "$command" in '' | default | '(no command specified)' ) # User chose "system default" session, which is default. # See if user has something more sensible in ~/.dmrc already. # The GDM3 default is gnome-session; that works from GDM3, # but fails otherwise (why? complains about world rw access to # /dev/dri/card0, but still fails). # Seems that GDM3 needs # dpkg-reconfigure libpam-runtime # 1. Unix authentication # 2. Register user sessions in the systemd control group hierarchy # Would gnome-session need any more when started from outside GDM3? # (Flashback below is happy with just Unix authentication.) # Use "gnome classic" gnome-session-flashback as default. # Need: # apt-get install gnome-session-flashback # ln -s /usr/lib/gnome-panel/gnome-session-flashback /usr/bin/ # Bizarre: that is just "gnome-session --session=gnome-flashback". # Reminder: we need Alt-rightclick (not just rightclick) to # arrange menus (panel items) in gnome-session-flashback. if [ -f "$DMRCFILE" ]; then dmrcsess=$(perl -ne 's/^\s*Session\s*=\s*(\S.*\S)\s*$/$1/ and print,exit' "$DMRCFILE") if [ -n "$dmrcsess" ]; then case "$dmrcsess" in gnome | default | gnome-session-flashback ) # Was "gnome" at squeeze gdm, it is "gome-session" at gdm3; # but as commented above, using our default instead. echo "$0: ~/.dmrc has Session=$dmrcsess but using $dmrcdefault instead" dmrcsess="$dmrcdefault" ;; * ) X=`perl -ne 'print,exit if s/^Exec=//' /usr/share/xsessions/$dmrcsess.desktop 2>&-` if [ -n "$X" -a "$X" != "$dmrcsess" ]; then echo "$0: ~/.dmrc has Session=$dmrcsess but using $X (Exec in /usr/share/xsessions/$dmrcsess.desktop) instead" dmrcsess="$X" fi ;; esac echo "$0: Using Session=$dmrcsess from ~/.dmrc instead of $command" set -- $dmrcsess command="$*" else echo "$0: No Session=... line in ~/.dmrc so keep using $command" fi else #echo "$0: No file ~/.dmrc so keep using $1" echo "$0: No file ~/.dmrc so using $dmrcdefault instead of $command" set -- $dmrcdefault command="$*" fi ;; failsafe ) echo "$0 failsafe session. Not recording in $DMRCFILE" # Do an xterm now... failsafe does NOT work via SESSIONFILES, # would use x-terminal-emulator and that says # Error constructing proxy for org.gnome.Terminal:/org/gnome/Terminal/Factory0: Error calling StartServiceByName for org.gnome.Terminal: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.gnome.Terminal exited with status 8 # in $ERRFILE. # Show message but without waiting for OK ( showmsg " Failsafe session: just an xterm. Windows have focus only if you have the cursor above them. Type 'exit' in the xterm window when done. "; ) & #exec x-terminal-emulator -geometry 80x24+0+0 exec xterm -geometry 80x24+0+0 ;; * ) # Got some (non-trivial?) session selection, record it in ~/.dmrc # in standard format echo -e "[Desktop]\nSession=$command" > "$DMRCFILE" echo "$0: Recorded Session=$command in ~/.dmrc" ;; esac echo "Doing x11proxy switch at `date +%T.%N` ..." X=`/usr/sms/bin/x11proxy 2>&1` D= case "$X" in '' | *' '* ) ;; DISPLAY=* ) D="${X#DISPLAY=}";; esac if [ -n "$D" ]; then echo "Using x11proxy: switching from $DISPLAY to DISPLAY=$D" export NXPROXY_DISPLAY="$DISPLAY" export DISPLAY="$D" case "$DISPLAY" in como* | bari* ) # On como or bari only (no use elsewhere) # Set PULSE_SERVER for (possible, later) yt-pa-start export PULSE_SERVER="${NXPROXY_DISPLAY%:*}" ;; esac else echo "Cannot use x11proxy, it said:" echo "$X" fi echo " ... done x11proxy at `date +%T.%N`" SESSIONFILES=$(run_parts $SYSSESSIONDIR) if [ -n "$SESSIONFILES" ]; then for SESSIONFILE in $SESSIONFILES; do . $SESSIONFILE done fi echo "$0: Executing $command failed, will try to run xterm" ( showmsg " Could not start your $command session, so have started the failsafe xterm session, instead. Windows have focus only if you have the cursor above them. Type 'exit' in the xterm window when done. "; ) & exec xterm -geometry 80x24+0+0 /etc/X11/xdm/Xsetup changed: xsetbg /usr/share/images/desktop-base/moreblue-orbit-wallpaper-widescreen.jpg /usr/sms/bin/ptkmessage -geometry -50-20 /usr/sms/etc/ICTRPolicy-banner & /etc/X11/xdm/xdm-config changed: ! ! ! ! ! DisplayManager.authDir: /var/lib/xdm DisplayManager.errorLogFile: /var/log/xdm.log DisplayManager.pidFile: /var/run/xdm.pid DisplayManager.keyFile: /etc/X11/xdm/xdm-keys DisplayManager.servers: /etc/X11/xdm/Xservers DisplayManager.accessFile: /etc/X11/xdm/Xaccess DisplayManager*resources: /etc/X11/xdm/Xresources DisplayManager.willing: su nobody -s /bin/sh -c /etc/X11/xdm/Xwilling ! All displays should use authorization, but we cannot be sure ! X terminals will be configured to support it, so those that do not will ! require individual resource settings. DisplayManager*authorize: true ! DisplayManager*chooser: /usr/lib/X11/xdm/chooser DisplayManager*startup: /etc/X11/xdm/Xstartup DisplayManager*session: /etc/X11/xdm/Xsession DisplayManager*setup: /etc/X11/xdm/Xsetup DisplayManager*reset: /etc/X11/xdm/Xreset DisplayManager*authComplain: true DisplayManager*loginmoveInterval: 10 ! SECURITY: do not listen for XDMCP or Chooser requests ! Comment out this line if you want to manage X terminals with xdm ! Allow XDMCP: just comment out, or hard-code port 177 that we know is right? DisplayManager.requestPort: 177 /etc/X11/xdm/xdm.options changed: no-ignore-nologin no-restart-on-upgrade no-start-on-install use-sessreg -- debconf information: * shared/default-x-display-manager: xdm xdm/stop_running_server_with_children: false xdm/daemon_name: /usr/bin/xdm
