Subject: bin/4848: rpc.rusersd uses ut_host as display name
To: None <gnats-bugs@gnats.netbsd.org>
From: Kimmo Suominen <kim@lce.hut.fi>
List: netbsd-bugs
Date: 01/20/1998 15:37:46
>Number:         4848
>Category:       bin
>Synopsis:       rpc.rusersd uses ut_host as display name
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jan 20 05:50:02 1998
>Last-Modified:
>Originator:     Kimmo Suominen
>Organization:
Kimmo Suominen
>Release:        1.3A, rusers_proc.c from 1997-09-20
>Environment:
	
System: NetBSD styx.lce.hut.fi 1.3A NetBSD 1.3A (TAC-GENERIC) #0: Mon Jan 12 08:48:33 EST 1998 kim@hrothgar.gw.com:/net/hrothgar/src/NetBSD/cvsroot/src/sys/arch/i386/compile/TAC-GENERIC i386

>Description:
The rpc.rusersd daemon tries to get the idle time using XIDLE if X11
and the XIdle extension are detected by the Makefile.  However, it
uses the ut_host field in utmp as the display name, which usually is
not correct.  It might be better to look at the ut_line field and
use some detection of display names (e.g. a colon in the field).

When contacting the assumed display fails an error at level LOG_ERR
is logged.  I think the severity of this is too high considering
that most entries will not be valid displays.  Further, use of xauth
style authorization is higly recommended for all X11 users.  Since
the rpc.rusersd process does not have access to the authentication
cookies for the display, it can be expected to fail for even valid
display names.
>How-To-Repeat:
Compile rpc.rusersd with XIDLE defined and watch your logs grow.
>Fix:
Disabling the XIDLE code by default would get my vote.

Alternatively lower the log level to DEBUG and possibly use some
heuristics to detect display names.  Use ut_line instead of ut_host.
>Audit-Trail:
>Unformatted: