[Bug 1205939] New: AUDIT-WHITELIST: lightdm: move dbus system.d file to /usr
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205939 Bug ID: 1205939 Summary: AUDIT-WHITELIST: lightdm: move dbus system.d file to /usr Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: gmbr3@opensuse.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Already in devel prj - but no-one has filed for completion https://build.opensuse.org/package/show/X11:Utilities/lightdm Move /etc/dbus-1/system.d/org.freedesktop.DisplayManager.conf to /usr/share/dbus-1/system.d/org.freedesktop.DisplayManager.conf -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205939
https://bugzilla.suse.com/show_bug.cgi?id=1205939#c1
Matthias Gerstner
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205939
https://bugzilla.suse.com/show_bug.cgi?id=1205939#c2
Matthias Gerstner
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205939
https://bugzilla.suse.com/show_bug.cgi?id=1205939#c3
--- Comment #3 from Matthias Gerstner
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205939
https://bugzilla.suse.com/show_bug.cgi?id=1205939#c4
Callum Farmer
The D-Bus interface is rather small but strangely completely unauthenticated. It allows all local users (included nobody et al) to e.g. lock an active session or switch between sessions. Also the creation of a session seems in reach, however in my tests it failed for some reason that I don't fully understand.
Maybe we can configure something in our packaging that leaves less attack surface there ...
CC'ing maintainer -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205939
https://bugzilla.suse.com/show_bug.cgi?id=1205939#c5
--- Comment #5 from Matthias Gerstner
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
https://bugzilla.suse.com/show_bug.cgi?id=1205939
https://bugzilla.suse.com/show_bug.cgi?id=1205939#c6
Matthias Gerstner
participants (1)
-
bugzilla_noreply@suse.com