On mer., 2011-08-24 at 18:33 +0200, Moritz Muehlenhoff wrote: > Sebastian Kramer posted the following to oss-security: > > --- > > From: Sebastian Krahmer <[email protected]> > To: [email protected] > Cc: [email protected] > Subject: [oss-security] lightdm issues > > Hi, > > lightdm (0.9.2) which aims to be a xdm replacement seems to > fall into the same pitfalls like kdm and gdm recently. There is > a lot of uid 0 code creating and chown()ing files in user dirs such as > for ~/.dmrc and ~/.Xauthority. Probably more, depending on > how the permissions of cache and log directories are set up. For > example > process_start() also creates and chown()s logfiles on users behalf. > > There is also one thing that I dont understand about the lightdm > user itself and why pam sessions seem to be started for it inside > the greeter session code. > > The xdmcp code seems to be OK so far, after a quick review.
Yup, I'm on oss-sec so I've seen this and am waiting for Robert answer. I guess the proper way to do it would be to move all the user-related work *after* the setuid() call and before exec()ing the session wrapper. Not sure how gdm3/xdm/slim handle that but there might be inspiration there too. Regards, -- Yves-Alexis _______________________________________________ Pkg-xfce-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-xfce-devel
