Bug 105858

Summary: Gdm has issues with names containing shell metacharacters
Product: [Fedora] Fedora Reporter: Alan Cox <alan>
Component: gdmAssignee: Havoc Pennington <hp>
Status: CLOSED RAWHIDE QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: jirka
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-10-21 19:51:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 100643    

Description Alan Cox 2003-09-28 14:22:22 UTC 
In paticular the gdm PreSession script seems to be short quoting on DISPLAY and
USER in various places that matter.
Comment 1 George Lebl 2003-09-29 21:21:33 UTC 
Fixing in CVS.  Note that xdm as installed on my box (RH9) has the same issues
when it calls sessreg, I assume kdm has the same as well.  However is this truly
"exploitable"?

It would also be nice to know of any other issues such as this in GDM, is this
the only one found?
Comment 2 Alan Cox 2003-09-29 21:35:26 UTC 
I've not done any kind of code review. I don't think its exploitable - you have
to have a valid username containing such characters.
Comment 3 Havoc Pennington 2003-10-21 19:51:01 UTC 
We should have the fix in latest gdm packages