Your message dated Fri, 27 Mar 2015 21:32:44 +0100 with message-id <1427488364.25801.58.ca...@debian.org> and subject line Re: [Pkg-xfce-devel] Bug#781080: lightdm: allows login as root by default has caused the Debian Bug report #781080, regarding lightdm: allows login as root by default to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
781080: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781080
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lightdm
Version: 1.10.3-3
Severity: normal

Dear Maintainer,

until today I had not even tried this, when I typed 'root' and the password into the lightdm-mask instead of into VT-4-login.

I was quite surprised, that lightdm allows root-login, I also did not find, where to switch this off in the text-configuration.

I have tried some things about X-login, but a root-session from lightdm is clearly not what I wanted.

In my opinion this is *INSECURE*, if I need graphical root-access, then I start thunar for instance from the terminal, saying 'sudo thunar', but having a completely root-Xsession is most probably not recommended at all.

Please revert this to normal and add a configuration-option to enable it, if hackers need it in order to test X-security.

Maybe this is related to systemd.

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.7-ckt7edtp (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages lightdm depends on:
ii  adduser                             3.113+nmu3
ii  consolekit                          0.4.6-5
ii  dbus                                1.8.16-1
ii  debconf [debconf-2.0]               1.5.56
ii  libc6                               2.19-15
ii  libgcrypt20                         1.6.2-4+b1
ii  libglib2.0-0                        2.42.1-1
ii  libpam-systemd                      215-12
ii  libpam0g                            1.1.8-3.1
ii  libxcb1                             1.10-3+b1
ii  libxdmcp6                           1:1.1.1-1+b1
ii  lightdm-gtk-greeter [lightdm-greeter]  1.8.5-2

Versions of packages lightdm recommends:
ii  xserver-xorg  1:7.7+7

Versions of packages lightdm suggests:
ii  accountsservice  0.6.37-3+b1
ii  upower           0.99.1-3.1

-- debconf information:
* shared/default-x-display-manager: lightdm
  lightdm/daemon_name: /usr/sbin/lightdm
--- End Message ---
--- Begin Message ---
control: tag -1 wontfix

On Tue, 2015-03-24 at 09:40 +0100, Andreas Glaeser wrote:
> until today I had not even tried this, when I typed 'root' and the password
> into the lightdm-mask instead of into VT-4-login.
>
> I was quite surprised, that lightdm allows root-login, I also did not find,
> where to switch this off in the text-configuration.

As far as I can tell, Debian has always authorized graphical root login, same as console login.

> I have tried some things about X-login, but a root-session from lightdm is
> clearly not what I wanted.

Then don't do it?

> In my opinion this is *INSECURE*, if I need graphical root-access, then I
> start thunar for instance from the terminal, saying 'sudo thunar', but having
> a completely root-Xsession is most probably not recommended at all.

Then again, don't do it?

> Please revert this to normal and add a configuration-option to enable it, if
> hackers need it in order to test X-security.

There is nothing to revert, this is the default behavior. If you don't want a root user, you're free to disable it (the installer even has an option for that, afair).

You can disallow root login on local X displays by editing /etc/securetty and removing them from the list. You can also tune the PAM configuration in /etc/pam.d, see pam documentation.

> Maybe this is related to systemd.

Completely unrelated.
--
Yves-Alexis
--- End Message ---
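The two options named in the reply (the securetty list and PAM tuning) can be checked against a service file before relying on them. This is an added example, not part of the original thread and not lightdm or Debian code: a Python check of whether the auth lines written in one PAM file would refuse root. The sample PAM files, the securetty contents, the `pam_succeed_if.so` rule and the tty value `:0` are constructed assumptions, and `@include` lines are not followed.

```python
import re

# "auth <control> <module> [args]"; control may be a bracketed [value=action] block.
AUTH_LINE = re.compile(r"^-?auth\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def auth_stack(pam_text):
    """Yield (control, module, args) per auth line. @include is NOT followed."""
    for raw in pam_text.splitlines():
        m = AUTH_LINE.match(raw.split("#", 1)[0].strip())
        if m:
            yield m.group(1), m.group(2).rsplit("/", 1)[-1], m.group(3).split()

def root_blocked(pam_text, securetty_text, tty):
    """True if a required/requisite auth module in this file denies root on tty."""
    secure = {s.split("#", 1)[0].strip() for s in securetty_text.splitlines()}
    # pam_securetty compares the tty name without its /dev/ prefix.
    name = tty[len("/dev/"):] if tty.startswith("/dev/") else tty
    for control, module, args in auth_stack(pam_text):
        if control not in ("required", "requisite"):
            continue  # other controls do not force a failure by themselves
        if module == "pam_securetty.so" and name not in secure:
            return True  # root is only accepted on ttys listed in securetty
        if module == "pam_succeed_if.so" and any(
                args[i:i + 3] == ["user", "!=", "root"] for i in range(len(args))):
            return True  # the condition fails for root, so the stack fails
    return False

# Constructed samples (assumptions for illustration, not copied from a real system).
SECURETTY_WITH_X = "tty1\n:0\n"   # local X display still listed
SECURETTY_NO_X = "tty1\n"         # local X display removed from the list
PLAIN = "auth requisite pam_nologin.so\n@include common-auth\n"
WITH_SECURETTY = "auth requisite pam_securetty.so\n@include common-auth\n"
WITH_SUCCEED_IF = ("auth required pam_succeed_if.so user != root quiet_success\n"
                   "@include common-auth\n")

if __name__ == "__main__":
    cases = [("plain stack", PLAIN, SECURETTY_NO_X),
             ("pam_securetty, :0 listed", WITH_SECURETTY, SECURETTY_WITH_X),
             ("pam_securetty, :0 removed", WITH_SECURETTY, SECURETTY_NO_X),
             ("pam_succeed_if rule", WITH_SUCCEED_IF, SECURETTY_WITH_X)]
    for label, pam, securetty in cases:
        print(f"{label}: root blocked on :0 = {root_blocked(pam, securetty, ':0')}")
```

In the plain stack, editing the securetty list changes nothing because no `pam_securetty.so` line consults it; the list only matters once that module is in the auth stack that applies to the service.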