Your message dated Tue, 18 Mar 2008 18:17:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#469462: fixed in ldm 2:0.1~bzr20071217-1+lenny1
has caused the Debian Bug report #469462,
regarding X access wide open on LTSP clients
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
469462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ltsp
Version: 5.0.40~bzr20080214-1~40.etch.0
Severity: critical
X connections to :6 on LTSP clients are possible from any machine on the
network.
Some notes:
- LDM_DIRECTX = False or True does not change anything
- on the client, X is running with the '-auth /root/.Xauthority' flag.
However, /root is mounted ro by default. Adding it to copy_dirs in
/etc/default/ltsp-client-setup allows .Xauthority to be generated, but
X connections are still possible.
- using iptables rules, we could at least restrict access to the
terminal server
best,
-Christian
--
Dr. Christian Herzog e-mail: [EMAIL PROTECTED]
IT Systems Specialist voice: +41 44 633 3950
Department of Physics office: HPR E86.1
Swiss Federal Institute of Technology 8093 Zurich, Switzerland
--- End Message ---
--- Begin Message ---
Source: ldm
Source-Version: 2:0.1~bzr20071217-1+lenny1
We believe that the bug you reported is fixed in the latest version of
ldm, which is due to be installed in the Debian FTP archive:
ldm_0.1~bzr20071217-1+lenny1.diff.gz
to pool/main/l/ldm/ldm_0.1~bzr20071217-1+lenny1.diff.gz
ldm_0.1~bzr20071217-1+lenny1.dsc
to pool/main/l/ldm/ldm_0.1~bzr20071217-1+lenny1.dsc
ldm_0.1~bzr20071217-1+lenny1_amd64.deb
to pool/main/l/ldm/ldm_0.1~bzr20071217-1+lenny1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vagrant Cascadian <[EMAIL PROTECTED]> (supplier of updated ldm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 17 Mar 2008 14:24:04 -0700
Source: ldm
Binary: ldm
Architecture: source amd64
Version: 2:0.1~bzr20071217-1+lenny1
Distribution: testing-security
Urgency: low
Maintainer: LTSP Debian/Ubuntu Maintainers <[EMAIL PROTECTED]>
Changed-By: Vagrant Cascadian <[EMAIL PROTECTED]>
Description:
ldm - LTSP display manager
Closes: 469462
Changes:
ldm (2:0.1~bzr20071217-1+lenny1) testing-security; urgency=low
.
* backport patches from sid:
- patch fixing X access security bug (Closes: #469462)
- add support for and build-depend on dpatch
- include ltsp screen script (previously in ltsp-client-core
package, needed to start ldm)
- drop ltspfs related ldm hook scripts (moved to ltspfsd package,
which conflicts with ldm <= 2:0.1~bzr20071217-1)
Files:
15565ba0737365bcfd259830f413b4e3 874 misc optional
ldm_0.1~bzr20071217-1+lenny1.dsc
8e81642bad704654c1cd5583ea224c39 441489 misc optional
ldm_0.1~bzr20071217.orig.tar.gz
644c6ab22e94499c2466f1870c5e3e9b 5729 misc optional
ldm_0.1~bzr20071217-1+lenny1.diff.gz
db35851bdf533c314cb24ac8f95b3156 137608 misc optional
ldm_0.1~bzr20071217-1+lenny1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH3+5cHYflSXNkfP8RAgAkAJ0QWfhwRneOueIvqrELp36CsxY4ygCggues
20PD+5rYQF3g9z9p65O9Vvo=
=LNzS
-----END PGP SIGNATURE-----
--- End Message ---
