Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
Re: [suse-security] harden_suse & gdm
  • From: <ksemat@xxxxxxxxxxxxxxx>
  • Date: Wed, 26 Jul 2000 20:06:57 +0300 (EAT)
  • Message-id: <Pine.LNX.4.21.0007262005210.5845-100000@xxxxxxxxxxxxxxx>
Actually what I remember is that on some systems gdm needs to be suid root
in order to run.
On Wed, 26 Jul 2000, Roman Drahtmueller wrote:

> Date: Wed, 26 Jul 2000 15:26:36 +0200 (MEST)
> From: Roman Drahtmueller <draht@xxxxxxx>
> To: Stephen nyc <stephennyny@xxxxxxxxx>
> Cc: suse-security <suse-security@xxxxxxxx>
> Subject: Re: [suse-security] harden_suse & gdm
>
> Stephen,
>
> It would be useful to know if the system is accessible if you run xdm or
> kdm instead of gdm.
> Unfortunately, I can't reproduce your problem right now.
>
> Most liklely, the origin of the failure comes out of one or two corners:
>
> 1) a permission problem. You would have to strace or ltrace the binary to
> get more details (maybe the process changes euid and runs into a closed
> device file). Insert `strace -f -o /strace.gdmŽ before the "startproc" in
> /sbin/init.d/xdm. (kill the process with an atjob or alike to regain
> control again!)
>
> 2) a locale problem, or a mixture with 1). Since the thing works with gdm
> ran as root, the profile settings in one or more of /etc/rc.status,
> /etc/rc.config, /etc/SuSEconfig/profile may be the culprit.
>
> If nothing helps, comment out line 29 in /sbin/init.d/xdm (which reads
> like "export $var") and see what it does.
>
> Thanks,
> Roman.
> --
> - -
> | Roman Drahtmüller <draht@xxxxxxx> "Caution: Cape does not |
> SuSE GmbH - Security enable user to fly."
> | Nürnberg, Germany (Batman Costume warning label) |
> - -
>
>
>
>
>
> > Folks -
> >
> > I ran the harden suse scripts today and have run into
> > a little problem with gdm.
> >
> > System is clean suse 6.4 install, clean helix-gnome
> > 1.2 install. run level 3 booted to gdm login window.
> >
> > Before running the harden script (options y y y y n n
> > y n y y - modified workstation) on startup I would get
> > the gdm login window. I could switch back to console
> > 1, and log in either way.
> >
> > Now I boot to the gdm login window - it accepts no
> > keyboard inputs, making it impossible to login or
> > change consoles.
> >
> > Interestingly enough, now that it is disabled, I can
> > run gdm fine from a root login and behavior is as
> > expected.
> >
> > This probably has something to do with some of the
> > permission resets and that gdm can access the keyboard
> > - can someone point me in the right direction for
> > repairing this, or help me understand the benefit of
> > this behavior.
> >
> > Thanks.
> >
> > - Steve
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx
>

Noah
ksemat@xxxxxxxxxx




< Previous Next >
References