[Bug 823775] Re: Cannot login: could not update ICEauthority file .ICEauthority

Tue, 16 Aug 2011 17:45:53 -0700 

Okay, digging through the lightdm code a little, I'm looking at:

in src/display.c, the start_user_session() function does:
...
    g_debug ("Starting user session");
    user = pam_session_get_user (authentication);
    /* Load the users login settings (~/.dmrc) */
    dmrc_file = dmrc_load (user_get_name (user));
...

And in src/dmrc.c, the dmrc_load() function:
...
    /* Load from the user directory, if this fails (e.g. the user directory
     * is not yet mounted) then load from the cache */
    path = g_build_filename (user_get_home_directory (user), ".dmrc", NULL);
    have_dmrc = g_key_file_load_from_file (dmrc_file, path, 
G_KEY_FILE_KEEP_COMMENTS, NULL);
    g_free (path);
...

Basically, if the user's home directory is not mounted, then something
is *wrong*, and we shouldn't be proceeding yet.  Lightdm should be
blocking until the pam session start completes successfully.

Further down, this is just wrong:
...
    /* Update the users .dmrc */
    if (user)
    {  
        path = g_build_filename (user_get_home_directory (user), ".dmrc", NULL);
        g_file_set_contents (path, data, length, NULL);
        if (getuid () == 0 && chown (path, user_get_uid (user), user_get_gid 
(user)) < 0)
            g_warning ("Error setting ownership on %s: %s", path, strerror 
(errno));
        g_free (path);
    }
...

This is creating the ~/.dmrc file in a read-only $HOME directory as the
root user, and then chowning it over to $USER.  This leaves un-encrypted
files in the user's home directory, which is very much undesirable, if a
user is encrypting their home.

I haven't found a solution yet as I'm only looking at this a little bit
while at a conference, but I thought I'd leave a few notes here :-)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/823775

Title:
  Cannot login: could not update ICEauthority file .ICEauthority

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/823775/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to