[Bug 629728] New: LXDM run the greeters as root user
http://bugzilla.novell.com/show_bug.cgi?id=629728
http://bugzilla.novell.com/show_bug.cgi?id=629728#c0

           Summary: LXDM run the greeters as root user
    Classification: openSUSE
           Product: openSUSE 11.3
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: LXDE
        AssignedTo: andrea@opensuse.org
        ReportedBy: andrea@opensuse.org
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.25 Safari/534.3

lxdm 0.2.0 runs the greeters as root user. This can IMHO be considered a security risk.

An updated package that fixes that is available in the X11:lxde repository. lxdm now runs the greeter as user "lxdm" instead of "root".
I would like to release a maintenance update for it (and other issues listed below).

Other relevant information:
1) the upgrade also fixes bnc#619769
2) the upgrade fixes race conditions caused by wrong signal handling (switching to init 3 did not kill the X server in rare cases)
3) /etc/lxdm/lxdm.conf and /var/lib/lxdm change ownership (from root:root to lxdm:lxdm) and the user and group lxdm are added to the system
4) better logging handling (lxdm now properly uses glibc functions to manage logs)
5) fixes bug sf#3032025 LXDM never calls pam_acct_mgmt
6) generally better stability

BUT

7) all those changes can NOT be backported to the 0.2.0 codebase but will require an update to a more recent git snapshot.

The package is in X11:lxde/lxdm if a review is needed. It has been heavily tested.
I believe that the bugfixes are worth the upgrade.

Reproducible: Always

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
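A check that could be run after the update to confirm what the report describes, namely that no greeter process still holds UID 0 and that the listed paths have the expected owner. This is an added example, not part of the original thread or of lxdm; the process-name prefix `lxdm-greeter` and the sample status text are assumptions constructed for illustration.

```python
import os

GREETER_PREFIX = "lxdm-greeter"   # assumed greeter process-name prefix
# Constructed /proc/<pid>/status excerpts (not captured from a real system)
SAMPLE_ROOT = "Name:\tlxdm-greeter-gt\nState:\tS (sleeping)\nUid:\t0\t0\t0\t0\n"
SAMPLE_USER = "Name:\tlxdm-greeter-gt\nState:\tS (sleeping)\nUid:\t484\t484\t484\t484\n"

def parse_status(text):
    """Return (name, uids) where uids = (real, effective, saved, fs)."""
    name, uids = "", ()
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key == "Name":
            name = value.strip()
        elif key == "Uid":
            uids = tuple(int(v) for v in value.split())
    return name, uids

def root_greeters(proc_root="/proc", prefix=GREETER_PREFIX):
    """List (pid, name, uids) for greeter processes holding UID 0 in any slot."""
    findings = []
    pids = sorted((e for e in os.listdir(proc_root) if e.isdigit()), key=int)
    for pid in pids:
        try:
            with open(os.path.join(proc_root, pid, "status")) as fh:
                name, uids = parse_status(fh.read())
        except OSError:
            continue  # process exited while we were scanning
        # The kernel truncates Name to 15 characters, so compare a prefix only.
        # A saved UID of 0 counts: the process could switch back to root.
        if name.startswith(prefix) and 0 in uids:
            findings.append((int(pid), name, uids))
    return findings

def misowned(paths, uid, gid):
    """Return (path, uid, gid) for paths missing or not owned by uid:gid."""
    bad = []
    for path in paths:
        try:
            st = os.stat(path)
        except OSError:
            bad.append((path, None, None))  # missing or unreadable path
            continue
        if (st.st_uid, st.st_gid) != (uid, gid):
            bad.append((path, st.st_uid, st.st_gid))
    return bad

if __name__ == "__main__":
    import grp, pwd
    print("greeters holding UID 0:", root_greeters())
    try:
        uid, gid = pwd.getpwnam("lxdm").pw_uid, grp.getgrnam("lxdm").gr_gid
        print("wrong owner:", misowned(["/etc/lxdm/lxdm.conf", "/var/lib/lxdm"], uid, gid))
    except KeyError:
        print("user or group lxdm does not exist on this system")
```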
http://bugzilla.novell.com/show_bug.cgi?id=629728#c1

andrea florio <andrea@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |security-team@suse.de

--- Comment #1 from andrea florio <andrea@opensuse.org> 2010-08-09 22:53:35 UTC ---
adding needinfo to security team. asking for SWAMPID
http://bugzilla.novell.com/show_bug.cgi?id=629728#c2

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
       InfoProvider|security-team@suse.de       |maintenance@opensuse.org

--- Comment #2 from Ludwig Nussel <lnussel@novell.com> 2010-08-10 08:09:19 CEST ---
Since this is not directly a vulnerability but rather a precaution we don't need to handle this as security update. Just use the normal maintenance process here.
http://bugzilla.novell.com/show_bug.cgi?id=629728#c3

Christian Dengler <cdengler@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cdengler@novell.com

--- Comment #3 from Christian Dengler <cdengler@novell.com> 2010-08-11 16:04:13 UTC ---
Which package would you update? Only lxdm? To which version?
From my point we can do it. +1
Other opinions?
http://bugzilla.novell.com/show_bug.cgi?id=629728#c4

--- Comment #4 from andrea florio <andrea@opensuse.org> 2010-08-11 16:30:21 UTC ---
yes, lxdm only.
to this git snapshot:
http://lxde.git.sourceforge.net/git/gitweb.cgi?p=lxde/lxdm;a=tree;h=636a4490...
http://bugzilla.novell.com/show_bug.cgi?id=629728#c5

--- Comment #5 from andrea florio <andrea@opensuse.org> 2010-08-13 14:14:26 UTC ---
I have another reason to push the update... this also fixes this bug:
https://bugzilla.novell.com/show_bug.cgi?id=630862
(according to the upstream changelog and my tests... waiting for user confirmation though)
http://bugzilla.novell.com/show_bug.cgi?id=629728#c6

--- Comment #6 from andrea florio <andrea@opensuse.org> 2010-08-13 21:14:47 UTC ---
I had confirmation, bnc#630862 has been fixed too. This bug is actually CRITICAL since "can't login when space in password", so this is one more reason to release an update as soon as possible.
https://bugzilla.novell.com/show_bug.cgi?id=629728#c7

Swamp Workflow Management <swamp@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Status Whiteboard|                            |maint:running:35212:important

--- Comment #7 from Swamp Workflow Management <swamp@suse.com> 2010-08-17 12:42:10 UTC ---
The SWAMPID for this issue is 35212.
This issue was rated as important.
Please submit fixed packages until 2010-08-24.
Also create a patchinfo file using this link:
https://swamp.suse.de/webswamp/wf/35212
https://bugzilla.novell.com/show_bug.cgi?id=629728#c8

Christian Dengler <cdengler@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
       InfoProvider|maintenance@opensuse.org    |

--- Comment #8 from Christian Dengler <cdengler@novell.com> 2010-08-17 12:43:01 UTC ---
Ok, let us do it.
https://bugzilla.novell.com/show_bug.cgi?id=629728#c9

--- Comment #9 from andrea florio <andrea@opensuse.org> 2010-08-17 13:36:08 UTC ---
update process started:
sr#45702 --> lxdm
sr#45703 --> patchinfo
https://bugzilla.novell.com/show_bug.cgi?id=629728#c10

Dirk Mueller <dmueller@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #10 from Dirk Mueller <dmueller@novell.com> 2010-08-20 09:12:20 CEST ---
updates in testing
https://bugzilla.novell.com/show_bug.cgi?id=629728#c11

Swamp Workflow Management <swamp@suse.com> changed:

           What    |Removed                        |Added
----------------------------------------------------------------------------
  Status Whiteboard|maint:running:35212:important  |maint:running:35212:important
                   |                               |maint:released:11.3:35214

--- Comment #11 from Swamp Workflow Management <swamp@suse.com> 2010-08-25 10:00:27 UTC ---
Update released for: lxdm, lxdm-debuginfo, lxdm-debugsource
Products:
openSUSE 11.3 (debug, i586, x86_64)
https://bugzilla.novell.com/show_bug.cgi?id=629728#c

Swamp Workflow Management <swamp@suse.com> changed:

           What    |Removed                        |Added
----------------------------------------------------------------------------
  Status Whiteboard|maint:running:35212:important  |.
                   |maint:released:11.3:35214      |
http://bugzilla.novell.com/show_bug.cgi?id=629728#c12

--- Comment #12 from Bernhard Wiedemann <bwiedemann@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (629728) was mentioned in
https://build.opensuse.org/request/show/45702 11.3:Test / lxdm
https://build.opensuse.org/request/show/45703 11.3:Test / _patchinfo: