Package: gdm Version: 2.20.11-4 Severity: normal
DoS with default DoubleLoginWarning With default setting of DoubleLoginWarning=true GDM gets stuck while showing the prompt You are already logged in. You can log in anyway or abort this login [Log in anyway] [Abort login] Strangely it is the "parent" GDM process that gets stuck, not spawning any further children nor reaping defunct ones. This makes it easy for a user to cause DoS: elicit that warning then walk away: no-one else can log in. I see this behaviour with XDMCP. Strangely, DoubleLoginWarning seems related to VTs and AlwaysLoginCurrentSession which is documented not to work with XDMCP. A workaround seems to be to set [daemon] DoubleLoginWarning=false in /etc/gdm/gdm.conf . Cheers, Paul Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- System Information: Debian Release: 6.0.6 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.19-pk06.01-i386 (SMP w/8 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages gdm depends on: ii adduser 3.112+nmu2 add and remove users and groups ii debconf [debconf-2 1.5.36.1 Debian configuration management sy ii gksu 2.0.2-5 graphical frontend to su ii gnome-session [x-s 2.30.2-3 The GNOME Session Manager - GNOME ii gnome-terminal [x- 2.30.2-1 The GNOME terminal emulator applic ii icewm [x-window-ma 1.3.7~pre2-1 wonderful Win95-OS/2-Motif-like wi ii konsole [x-termina 4:4.4.5-2 X terminal emulator ii libart-2.0-2 2.3.21-1 Library of functions for 2D graphi ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit ii libattr1 1:2.4.44-2 Extended attribute shared library ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra ii libdbus-1-3 1.2.24-4+squeeze1 simple interprocess messaging syst ii libdbus-glib-1-2 0.88-2.1 simple interprocess messaging syst ii libdmx1 1:1.1.0-2 X11 Distributed Multihead extensio ii libfontconfig1 2.8.0-2.1 generic font configuration library ii libfreetype6 2.4.2-2.1+squeeze4 FreeType 2 font engine, shared lib ii libglade2-0 1:2.6.4-1 library to load .glade files at ru ii libglib2.0-0 2.24.2-1 The GLib library of C routines ii libgnomecanvas2-0 2.30.1-1 A powerful object-oriented display ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface ii libpam-modules 1.1.1-6.1+squeeze1 Pluggable Authentication Modules f ii libpam-runtime 1.1.1-6.1+squeeze1 Runtime support for the PAM librar ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l ii libpango1.0-0 1.28.3-1+squeeze2 Layout and rendering of internatio ii librsvg2-2 2.26.3-1 SAX-based renderer library for SVG ii librsvg2-common 2.26.3-1 SAX-based renderer library for SVG ii libselinux1 2.0.96-1 SELinux runtime shared libraries ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra ii libx11-6 2:1.3.3-4 X11 client-side library ii libxau6 1:1.0.6-1 X11 authorisation library ii libxdmcp6 1:1.0.3-2 X11 Display Manager Control Protoc ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar ii libxi6 2:1.3-7 X11 Input extension library ii libxinerama1 2:1.1-3 X11 Xinerama extension library ii libxml2 2.7.8.dfsg-2+squeeze5 GNOME XML library ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii metacity [x-window 1:2.30.1-3 lightweight GTK+ window manager ii rxvt [x-terminal-e 1:2.6.4-14 VT102 terminal emulator for the X ii sawfish [x-window- 1:1.3.5.2-2 a window manager for X11 ii xfce4-session [x-s 4.6.2-3 Xfce4 Session Manager ii xfwm4 [x-window-ma 4.6.2-1 window manager of the Xfce project ii xterm [x-terminal- 261-1 X terminal emulator ii xvt [x-terminal-em 2.1-20 X terminal-emulator similar to xte Versions of packages gdm recommends: ii dialog 1.1-20100428-1 Displays user-friendly dialog boxe pn gdm-themes <none> (no description available) ii whiptail 0.52.11-1 Displays user-friendly dialog boxe ii xserver-xephyr 2:1.7.7-14 nested X server ii xserver-xorg 1:7.5+8+squeeze1 the X.Org X server ii zenity 2.30.0-1 Display graphical dialog boxes fro Versions of packages gdm suggests: ii libpam-gnome-keyring 2.30.3-5 PAM module to unlock the GNOME key ii locales 2.11.3-4 Embedded GNU C Library: National L ii pm-utils 1.3.0-3 utilities and scripts for power ma -- Configuration Files: /etc/gdm/Init/Default changed: PATH=/usr/bin:$PATH OLD_IFS=$IFS gdmwhich () { COMMAND="$1" OUTPUT= IFS=: for dir in $PATH do if test -x "$dir/$COMMAND" ; then if test "x$OUTPUT" = "x" ; then OUTPUT="$dir/$COMMAND" fi fi done IFS=$OLD_IFS echo "$OUTPUT" } sysmodmap=/etc/X11/Xmodmap XMODMAP=`gdmwhich xmodmap` if [ "x$XMODMAP" != "x" ] ; then if [ "x$GDM_PARENT_DISPLAY" = "x" ]; then if [ -f $sysmodmap ]; then $XMODMAP $sysmodmap fi else ( DISPLAY=$GDM_PARENT_DISPLAY XAUTHORITY=$GDM_PARENT_XAUTHORITY $XMODMAP -pke ) | $XMODMAP - fi # # Switch Sun's Alt and Meta mod mappings # UNAME=`gdmwhich uname` PROCESSOR=`$UNAME -p` if [ "x$PROCESSOR" = "xsparc" ]; then if $XMODMAP | /usr/bin/grep mod4 | /usr/bin/grep Alt > /dev/null 2>/dev/null then $XMODMAP -e "clear Mod1" \ -e "clear Mod4" \ -e "add Mod1 = Alt_L" \ -e "add Mod1 = Alt_R" \ -e "add Mod4 = Meta_L" \ -e "add Mod4 = Meta_R" fi fi fi SETXKBMAP=`gdmwhich setxkbmap` if [ "x$SETXKBMAP" != "x" ] ; then # FIXME: is this all right? Is this completely on crack? # What this does is move the xkb configuration from the GDM_PARENT_DISPLAY # FIXME: This should be done in code. Or there must be an easier way ... if [ -n "$GDM_PARENT_DISPLAY" ]; then XKBSETUP=`( DISPLAY=$GDM_PARENT_DISPLAY XAUTHORITY=$GDM_PARENT_XAUTHORITY $SETXKBMAP -v )` if [ -n "$XKBSETUP" ]; then XKBKEYMAP=`echo "$XKBSETUP" | grep '^keymap' | awk '{ print $2 }'` XKBTYPES=`echo "$XKBSETUP" | grep '^types' | awk '{ print $2 }'` XKBCOMPAT=`echo "$XKBSETUP" | grep '^compat' | awk '{ print $2 }'` XKBSYMBOLS=`echo "$XKBSETUP" | grep '^symbols' | awk '{ print $2 }'` XKBGEOMETRY=`echo "$XKBSETUP" | grep '^geometry' | awk '{ print $2 }'` if [ -n "$XKBKEYMAP" ]; then $SETXKBMAP -keymap "$XKBKEYMAP" elif [ -n "$XKBTYPES" -a -n "$XKBCOMPAT" -a -n "$XKBSYMBOLS" -a -n "$XKBGEOMETRY" ]; then $SETXKBMAP -types "$XKBTYPES" -compat "$XKBCOMPAT" -symbols "$XKBSYMBOLS" -geometry "$XKBGEOMETRY" elif [ -n "$XKBTYPES" -a -n "$XKBCOMPAT" -a -n "$XKBSYMBOLS" ]; then $SETXKBMAP -types "$XKBTYPES" -compat "$XKBCOMPAT" -symbols "$XKBSYMBOLS" elif [ -n "$XKBSYMBOLS" ]; then $SETXKBMAP -symbols "$XKBSYMBOLS" fi fi fi fi exit 0 /etc/gdm/gdm.conf changed: [daemon] DefaultPath=/usr/sms/bin:/usr/local/bin:/usr/bin:/bin RootPath=/usr/sms/sbin:/usr/sms/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin RemoteGreeter=/usr/lib/gdm/gdmgreeter DoubleLoginWarning=false [security] DisallowTCP=false AllowRoot=true [xdmcp] Enable=true HonorIndirect=true MaxPending=4 MaxPendingIndirect=128 MaxSessions=128 MaxWait=30 MaxWaitIndirect=30 DisplaysPerHost=1 Port=177 Willing=/etc/gdm/Xwilling RemoteGreeter=/usr/lib/gdm/gdmgreeter [gui] [greeter] DefaultWelcome=false Welcome=Welcome to %n GraphicalTheme=happygnome [chooser] [debug] Enable=true [servers] -- debconf information: gdm/daemon_name: /usr/sbin/gdm * shared/default-x-display-manager: gdm -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org