http://bugzilla.novell.com/show_bug.cgi?id=629728 http://bugzilla.novell.com/show_bug.cgi?id=629728#c0 Summary: LXDM run the greeters as root user Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: LXDE AssignedTo: andrea@opensuse.org ReportedBy: andrea@opensuse.org QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.25 Safari/534.3 lxdm 0.2.0 run the greeters as root user. This can be IMHO considered a security risk. into X11:lxde repository is available and updated package that fix that. lxdm now run the greeter as user "lxdm" instead than "root" i would like to release a maintenance update for it (and other issues listed below). other relevant informations: 1) the upgrade fix also bnc#619769 2) the upgrade fix racing conditions caused by wrong signals handling (switch to init 3 do not killed X server in rare cases) 3) /etc/lxdm/lxdm.conf and /var/lib/lxdm change ownership (from root:root to lxdm:lxdm) and the user and group lxdm are added to the system 4) better logging handling (lxdm now properly use glibc functions to menage logs) 5) fix bug sf#3032025 LXDM never calls pam_acct_mgmt 6) general better stability BUT 7) all those changes can NOT be backported to 0.2.0 codebase but will requires an update to a more recent git snapshot. the pacakge is into X11:lxde/lxdm if a review is needed, it has been heavly tested i believe that the bugfixes worth the upgrade Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.