*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
Binary package hint: gdm
00] Environment - two users logged in. There is a dedicated root-user account,
with a dedicated password, and the other users have NO sudoer privileges.
01] User#1 request to shut down the machine using gnome panel applet
02] response is a black screen with authorization window requiring password
(picture of keys on left side) and warning that another user is logged in.
[[ BTW ### Nothing in the message states which of the three passwords are
being requested! ]]
03] Each of the three passwords are tried at least once
[[ BTW ### None of the passwords are REPORTED to have been accepted ]]
04] After a final shudder and claim that the password could NOT be
authenticated, the authentication window disappears, and the GDM greeter screen
appears.
[[ HUH?! Did it just 'give up', or did it mis-report a proper password
authentification as improper? If so, which password? ]]
05] The GDM greeter allows the computer to be shut down using the button on the
right side of the lower panel.
[[ But this happedned without authentification !! ]]
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gdm 2.30.2.is.2.30.0-0ubuntu3 [modified:
usr/share/gdm/gdm-greeter-login-window.ui]
ProcVersionSignature: Ubuntu 2.6.32-24.39-hostname 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic i686
Architecture: i386
Date: Mon Aug 16 01:07:03 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: gdm
** Affects: gdm (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 lucid
--
gdm allows shutdown when other accounts open
https://bugs.edge.launchpad.net/bugs/618513
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
