Mailinglist Archive: opensuse-security (601 mails)

< Previous Next >
Re: [suse-security] harden_suse & gdm
  • From: Stephen nyc <stephennyny@xxxxxxxxx>
  • Date: Wed, 2 Aug 2000 08:58:38 -0700 (PDT)
  • Message-id: <20000802155838.19826.qmail@xxxxxxxxxxxxxxxxxxxxxx>
Roman -

Thanks for the insight - xdm and kdm run fine. Neither
of them run as suid root.t

I'm looking into the strace now.

- Steve

--- Roman Drahtmueller <draht@xxxxxxx> wrote:
> Stephen,
>
> It would be useful to know if the system is
> accessible if you run xdm or
> kdm instead of gdm.
> Unfortunately, I can't reproduce your problem right
> now.
>
> Most liklely, the origin of the failure comes out of
> one or two corners:
>
> 1) a permission problem. You would have to strace or
> ltrace the binary to
> get more details (maybe the process changes euid and
> runs into a closed
> device file). Insert `strace -f -o /strace.gdm´
> before the "startproc" in
> /sbin/init.d/xdm. (kill the process with an atjob or
> alike to regain
> control again!)
>
> 2) a locale problem, or a mixture with 1). Since the
> thing works with gdm
> ran as root, the profile settings in one or more of
> /etc/rc.status,
> /etc/rc.config, /etc/SuSEconfig/profile may be the
> culprit.
>
> If nothing helps, comment out line 29 in
> /sbin/init.d/xdm (which reads
> like "export $var") and see what it does.
>
> Thanks,
> Roman.
> --
> -
> -
> | Roman Drahtmüller <draht@xxxxxxx> "Caution:
> Cape does not |
> SuSE GmbH - Security enable user
> to fly."
> | Nürnberg, Germany (Batman
> Costume warning label) |
> -
> -
>
>
>
>
>
> > Folks -
> >
> > I ran the harden suse scripts today and have run
> into
> > a little problem with gdm.
> >
> > System is clean suse 6.4 install, clean
> helix-gnome
> > 1.2 install. run level 3 booted to gdm login
> window.
> >
> > Before running the harden script (options y y y y
> n n
> > y n y y - modified workstation) on startup I would
> get
> > the gdm login window. I could switch back to
> console
> > 1, and log in either way.
> >
> > Now I boot to the gdm login window - it accepts no
> > keyboard inputs, making it impossible to login or
> > change consoles.
> >
> > Interestingly enough, now that it is disabled, I
> can
> > run gdm fine from a root login and behavior is as
> > expected.
> >
> > This probably has something to do with some of the
> > permission resets and that gdm can access the
> keyboard
> > - can someone point me in the right direction for
> > repairing this, or help me understand the benefit
> of
> > this behavior.
> >
> > Thanks.
> >
> > - Steve
>
>
>
>
>


__________________________________________________
Do You Yahoo!?
Kick off your party with Yahoo! Invites.
http://invites.yahoo.com/

< Previous Next >
This Thread