Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
Re: [suse-security] harden_suse & gdm
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Wed, 26 Jul 2000 15:26:36 +0200 (MEST)
  • Message-id: <Pine.LNX.4.21.0007261412080.11899-100000@xxxxxxxxxxxx>

It would be useful to know if the system is accessible if you run xdm or
kdm instead of gdm.
Unfortunately, I can't reproduce your problem right now.

Most liklely, the origin of the failure comes out of one or two corners:

1) a permission problem. You would have to strace or ltrace the binary to
get more details (maybe the process changes euid and runs into a closed
device file). Insert `strace -f -o /strace.gdm´ before the "startproc" in
/sbin/init.d/xdm. (kill the process with an atjob or alike to regain
control again!)

2) a locale problem, or a mixture with 1). Since the thing works with gdm
ran as root, the profile settings in one or more of /etc/rc.status,
/etc/rc.config, /etc/SuSEconfig/profile may be the culprit.

If nothing helps, comment out line 29 in /sbin/init.d/xdm (which reads
like "export $var") and see what it does.

- -
| Roman Drahtmüller <draht@xxxxxxx> "Caution: Cape does not |
SuSE GmbH - Security enable user to fly."
| Nürnberg, Germany (Batman Costume warning label) |
- -

> Folks -
> I ran the harden suse scripts today and have run into
> a little problem with gdm.
> System is clean suse 6.4 install, clean helix-gnome
> 1.2 install. run level 3 booted to gdm login window.
> Before running the harden script (options y y y y n n
> y n y y - modified workstation) on startup I would get
> the gdm login window. I could switch back to console
> 1, and log in either way.
> Now I boot to the gdm login window - it accepts no
> keyboard inputs, making it impossible to login or
> change consoles.
> Interestingly enough, now that it is disabled, I can
> run gdm fine from a root login and behavior is as
> expected.
> This probably has something to do with some of the
> permission resets and that gdm can access the keyboard
> - can someone point me in the right direction for
> repairing this, or help me understand the benefit of
> this behavior.
> Thanks.
> - Steve

< Previous Next >
Follow Ups