Received: (at submit) by bugs.debian.org; 5 May 2000 19:09:41 +0000
Received: (qmail 9378 invoked from network); 5 May 2000 19:09:40 -0000
Received: from smtp-rt-4.wanadoo.fr (HELO areca.wanadoo.fr) (@193.252.19.156)
  by master.debian.org with SMTP; 5 May 2000 19:09:40 -0000
Received: from andira.wanadoo.fr (193.252.19.152) by areca.wanadoo.fr; 5 May 2000 21:09:37 +0200
Received: from bylbo.nowhere.earth (213.56.235.249) by andira.wanadoo.fr; 5 May 2000 21:09:23 +0200
Received: from dwitch by bylbo.nowhere.earth with local (Exim 3.12 #1 (Debian))
	id 12nnTN-0006BN-00; Fri, 05 May 2000 21:09:13 +0200
From: dwitch <ydirson@altern.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xauth: should use getpwuid to find home dir
X-Reportbug-Version: 0.54
X-Mailer: reportbug 0.54
Date: Fri, 05 May 2000 21:09:13 +0200
Message-Id: <E12nnTN-0006BN-00@bylbo.nowhere.earth>

Package: xbase-clients
Version: 3.3.6-6
Severity: normal

It appears that xauth uses the HOME variable to locate .Xauthority.
This causes unwanted behaviour when doing such:

$ xauth list :0
$ su
# xauth add <auth cookie>

Because now the .Xauthority file is owned by root.  Further more, the
.Xauthority-[cl] files (lock and ?) are not removed after xauth
terminated.

As a workaround, using "su -" works fine.  But I can't see any reason
why one would want to use $HOME for a security-related feature.

-- System Information
Debian Release: 2.2
Architecture: i386
Kernel: Linux bylbo 2.3.99-pre6 #1 ven avr 28 20:43:28 CEST 2000 i586

Versions of packages xbase-clients depends on:
ii  cpp                          1:2.95.2-10 The GNU C preprocessor.           
ii  libc6                        2.1.3-10    GNU C Library: Shared libraries an
ii  libncurses5                  5.0-6       Shared libraries for terminal hand
ii  xlib6g                       3.3.6-6     shared libraries required by X cli
ii  zlib1g [libz1]               1:1.1.3-5   compression library - runtime