Mailinglist Archive: opensuse-security (601 mails)

Re: [suse-security] harden_suse & gdm
  • From: Stephen nyc <stephennyny@xxxxxxxxx>
  • Date: Wed, 2 Aug 2000 11:11:00 -0700 (PDT)
  • Message-id: <20000802181100.24597.qmail@xxxxxxxxxxxxxxxxxxxxxx>
Roman -

Continuing along, I inserted strace as you suggested.
Lo and behold, it worked, on tty2? It also created a
gigantic strace file.

I removed the strace, and it no longer works.

Changing gdm to suid root does not solve the problem.

Commenting out line 29 in xdm changed nothing as well.

I did notice the following in the gdm log - the last
line reads:

System: `/usr/X11R6/lib/X11/xkb/xkbcomp -w 1
-R/usr/X11R6/lib/X11/xkb -xkm -m us -em1 "The
XKEYBOARD keymap compiler (xkbcomp) reports:" -emp ">
" -eml "Errors from xkbcomp are not fatal to the X
server" keymap/xfree86 compiled/xfree86.xkm'

I figure I'll include this since the keyboard is what
appears to not be working...

- Steve


--- Stephen nyc <stephennyny@xxxxxxxxx> wrote:
> Roman -
>
> Thanks for the insight - xdm and kdm run fine. Neither
> of them run as suid root.
>
> I'm looking into the strace now.
>
> - Steve
>
> --- Roman Drahtmueller <draht@xxxxxxx> wrote:
> > Stephen,
> >
> > It would be useful to know if the system is accessible if you run xdm or
> > kdm instead of gdm.
> > Unfortunately, I can't reproduce your problem right now.
> >
> > Most likely, the origin of the failure comes out of one or two corners:
> >
> > 1) a permission problem. You would have to strace or ltrace the binary to
> > get more details (maybe the process changes euid and runs into a closed
> > device file). Insert `strace -f -o /strace.gdm` before the "startproc" in
> > /sbin/init.d/xdm. (kill the process with an atjob or alike to regain
> > control again!)
> >
> > 2) a locale problem, or a mixture with 1). Since the thing works with gdm
> > run as root, the profile settings in one or more of /etc/rc.status,
> > /etc/rc.config, /etc/SuSEconfig/profile may be the culprit.
> >
> > If nothing helps, comment out line 29 in /sbin/init.d/xdm (which reads
> > like "export $var") and see what it does.
> >
> > Thanks,
> > Roman.
> > --
> > Roman Drahtmüller <draht@xxxxxxx>
> > SuSE GmbH - Security
> > Nürnberg, Germany
> > "Caution: Cape does not enable user to fly." (Batman Costume warning label)
> >
> > > Folks -
> > >
> > > I ran the harden suse scripts today and have run into
> > > a little problem with gdm.
> > >
> > > System is clean suse 6.4 install, clean helix-gnome
> > > 1.2 install. run level 3 booted to gdm login window.
> > >
> > > Before running the harden script (options y y y y n n
> > > y n y y - modified workstation) on startup I would get
> > > the gdm login window. I could switch back to console
> > > 1, and log in either way.
> > >
> > > Now I boot to the gdm login window - it accepts no
> > > keyboard inputs, making it impossible to login or
> > > change consoles.
> > >
> > > Interestingly enough, now that it is disabled, I can
> > > run gdm fine from a root login and behavior is as
> > > expected.
> > >
> > > This probably has something to do with some of the
> > > permission resets and that gdm can access the keyboard
> > > - can someone point me in the right direction for
> > > repairing this, or help me understand the benefit of
> > > this behavior.
> > >
> > > Thanks.
> > >
> > > - Steve



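Added example, not part of the original thread: one way to triage a large `strace -f -o` file such as the /strace.gdm discussed above for the failure Roman describes, a process that changes its ids and is then denied access to a file. The function name and the sample log (PIDs, paths, ids) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `strace -f -o FILE` format; PIDs, paths and ids are invented.
SAMPLE = '''\
412   fork() = 413
413   setreuid(0, 42) = 0
413   open("/dev/example0", O_RDWR <unfinished ...>
412   open("/etc/example.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
413   <... open resumed> ) = -1 EACCES (Permission denied)
413   open("/dev/example1", O_RDWR) = -1 EACCES (Permission denied)
413   open("/dev/example1", O_RDWR) = -1 EACCES (Permission denied)
'''

LINE = re.compile(r'^(\d+)\s+(.*?)\s*$')
CALL = re.compile(r'^(\w+)\((.*)$')
RESUMED = re.compile(r'^<\.\.\. (\w+) resumed>(.*)$')
RESULT = re.compile(r'=\s+(-?\d+)(?:\s+(E\w+)\s+\(.*\))?\s*$')
PATH = re.compile(r'"([^"]*)"')
UNFINISHED = "<unfinished ...>"
ID_CALL = re.compile(r'^set(?:e|re|res)?[ug]id(?:32)?$')

def permission_failures(log):
    """Count EACCES/EPERM failures per (pid, syscall, path, errno, ids_changed)."""
    pending = {}         # pid -> first half of a call interrupted by another pid
    changed_ids = set()  # pids that themselves made a successful set*id call
    hits = Counter()
    for m in filter(None, map(LINE.match, log.splitlines())):
        pid, rest = int(m.group(1)), m.group(2)
        if rest.endswith(UNFINISHED):
            pending[pid] = rest[:-len(UNFINISHED)]
            continue
        r = RESUMED.match(rest)
        if r:  # stitch "<... open resumed>" back onto its first half
            rest = pending.pop(pid, r.group(1) + "(") + r.group(2)
        c, res = CALL.match(rest), RESULT.search(rest)
        if not (c and res):
            continue
        name, err = c.group(1), res.group(2)
        if ID_CALL.match(name) and res.group(1) == "0":
            changed_ids.add(pid)
        elif err in ("EACCES", "EPERM"):
            p = PATH.search(rest)
            hits[(pid, name, p.group(1) if p else "?", err, pid in changed_ids)] += 1
    return hits

if __name__ == "__main__":
    for key, n in permission_failures(SAMPLE).most_common():
        print(n, *key)
```

The last field of each key is True only when that same PID changed ids earlier in the trace; ids inherited from a parent across fork are not tracked.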