Forgot to mention in changelog:
lightdm (0.9.5-0ubuntu2) oneiric; urgency=low
* debian/lightdm.config: When installing from scratch as part of a release
upgrade, default to lightdm, otherwise ask. (LP: #806559)
* Add 04_dont_write_files_as_root.patch: Do not write ~/.dmrc and
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3349
** Description changed:
Hey,
as you were on CC: I guess you're already aware, but reporting so it can
be tracked upstream.
Short version: http://seclists.org/oss-sec/2011/q3/393
Long version: .dmrc and
I can replicate the bug by creating a root-owned /rootfile and ln -s
/rootfile ~/.Xauthority. lightdm changes /rootfile then.
Writing ~/.dmrc uses g_file_set_contents() which is safe against symlink
attacks. However, it's still more robust to drop privileges instead of
chown()ing.
--
You
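The mitigation the report recommends (write the per-user file with the user's ids rather than as root followed by chown()), as an added example that is not lightdm's code or the linked branch. `write_user_file` is a hypothetical helper, the O_NOFOLLOW flag is an extra safeguard added here, and the temporary directory and file names in `main` are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not lightdm code: write a per-user file with the user's
 * effective ids instead of writing as root and chown()ing afterwards. Returns 0,
 * or -1 with errno set (ELOOP when path is a symlink). A real daemon would
 * also switch supplementary groups, e.g. with initgroups(). */
int write_user_file(const char *path, uid_t uid, gid_t gid,
                    const char *data, size_t len)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    int fd, rc = -1, err = 0;
    if (setegid(gid) != 0) return -1;   /* group first, while still privileged */
    if (seteuid(uid) != 0) { err = errno; goto restore_gid; }
    /* Checks now use the user's ids; O_NOFOLLOW rejects a final-component symlink. */
    fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) {
        err = errno;
    } else {
        ssize_t n = write(fd, data, len);
        if (n == (ssize_t)len) rc = 0;
        else err = (n < 0) ? errno : EIO;
        close(fd);
    }
    if (seteuid(old_uid) != 0) { rc = -1; err = errno; }
restore_gid:
    if (setegid(old_gid) != 0) { rc = -1; err = errno; }
    errno = err;
    return rc;
}

int main(void)
{
    /* Constructed scenario from the report: ~/.Xauthority is a symlink. */
    char dir[] = "/tmp/wufXXXXXX", target[64], link_path[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(target, sizeof target, "%s/rootfile", dir);
    snprintf(link_path, sizeof link_path, "%s/.Xauthority", dir);
    if (symlink(target, link_path) != 0) return 1;
    int rc = write_user_file(link_path, getuid(), getgid(), "cookie", 6);
    printf("write via symlink: rc=%d (%s)\n", rc, strerror(errno));
    return 0;
}
```

When the process is root, the kernel evaluates the open() against the target user's permissions, so a path that redirects to a root-owned file fails even without O_NOFOLLOW.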
** Branch linked: lp:~pitti/lightdm/write-user-files-as-user
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/834079
Title:
files written as root to user-controlled folders
Status in
Merge proposal sent.
** Changed in: lightdm (Ubuntu Oneiric)
Status: In Progress => Fix Committed
** Changed in: lightdm
Status: Triaged => Fix Committed
** Changed in: lightdm
Assignee: (unassigned) => Martin Pitt (pitti)
** Changed in: lightdm
Status: Fix Committed =>
** Changed in: lightdm (Ubuntu Oneiric)
Status: Triaged => In Progress
** Changed in: lightdm (Ubuntu Oneiric)
Assignee: Robert Ancell (robert-ancell) => Martin Pitt (pitti)
--
Robert, any news?
--
Status in Light Display Manager:
Triaged
Status in
Absolutely agree, needs to be fixed for 1.0 (and 11.10 for Ubuntu).
--
Added a 11.10 milestone since I don't know when this is planning on
getting fixed, but we definitely don't want to release with this (as I'm
sure we all agree :).
** Changed in: lightdm (Ubuntu Oneiric)
Status: New => Triaged
** Changed in: lightdm (Ubuntu Oneiric)
Milestone: None =>
** Also affects: lightdm (Ubuntu)
Importance: Undecided
Status: New
** Also affects: lightdm (Ubuntu Oneiric)
Importance: Undecided
Status: New
** Changed in: lightdm (Ubuntu Oneiric)
Importance: Undecided => High
--
** Changed in: lightdm (Ubuntu Oneiric)
Assignee: (unassigned) => Robert Ancell (robert-ancell)
--