diff -ur Linux-PAM-1.1.1.orig/modules/pam_xauth/pam_xauth.c Linux-PAM-1.1.1/modules/pam_xauth/pam_xauth.c --- Linux-PAM-1.1.1.orig/modules/pam_xauth/pam_xauth.c 2009-11-04 13:04:53.000000000 +0100 +++ Linux-PAM-1.1.1/modules/pam_xauth/pam_xauth.c 2009-12-30 17:14:59.000000000 +0100 @@ -88,7 +88,7 @@ * given input on stdin, and storing any output it generates. */ static int run_coprocess(const char *input, char **output, - uid_t uid, gid_t gid, const char *command, ...) + uid_t uid, gid_t gid, const char *name, const char *command, ...) { int ipipe[2], opipe[2], i; char buf[LINE_MAX]; @@ -127,7 +127,11 @@ int maxopened; /* Drop privileges. */ setgid(gid); + /* Mandrake Linux specific: + * we need to set the extra groups because in high security levels + * access to /usr/X11R6/bin dir is controlled by a group */ setgroups(0, NULL); + initgroups(name, gid); setuid(uid); /* Initialize the argument list. */ memset(args, 0, sizeof(args)); @@ -154,6 +158,7 @@ } /* Run the command. */ execv(command, args); + syslog(LOG_ERR, "pam_xauth: execvp of %s failed: %m", command); /* Never reached. */ _exit(1); } @@ -464,7 +469,7 @@ (unsigned long) getuid(), (unsigned long) getgid()); } if (run_coprocess(NULL, &cookie, - getuid(), getgid(), + getuid(), getgid(), rpwd->pw_name, xauth, "-f", cookiefile, "nlist", display, NULL) == 0) { int save_errno; @@ -522,7 +527,7 @@ (unsigned long) getgid()); } run_coprocess(NULL, &cookie, - getuid(), getgid(), + getuid(), getgid(), rpwd->pw_name, xauth, "-f", cookiefile, "nlist", t, NULL); } @@ -670,7 +675,7 @@ (unsigned long) tpwd->pw_gid); } run_coprocess(cookie, &tmp, - tpwd->pw_uid, tpwd->pw_gid, + tpwd->pw_uid, tpwd->pw_gid, tpwd->pw_name, xauth, "-f", cookiefile, "nmerge", "-", NULL); /* We don't need to keep a copy of these around any more. */