Bug 118051
| Summary: | kdm should not read /dev/mem | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Aleksey Nogin <aleksey> |
| Component: | kdebase | Assignee: | Than Ngo <than> |
| Status: | CLOSED RAWHIDE | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Priority: | medium |
| Version: | rawhide | CC: | russell, wtogami |
| Keywords: | Security, SELinux | Doc Type: | Bug Fix |
| Hardware: | All | OS: | Linux |
| Last Closed: | 2004-05-01 13:23:40 UTC | Bug Blocks: | 114961 |

Description
Aleksey Nogin
2004-03-11 14:59:51 UTC
*** Bug 118123 has been marked as a duplicate of this bug. ***

I have looked at the code a bit. In order for this to work correctly, the kdm/backend/genauth.c file has to be compiled with DEV_RANDOM define set to "/dev/urandom". Configure creates kdm/backend/Imakefile that contains the following:

    #ifdef RandomDefines
    RANDOM_DEFINES = RandomDefines
    #elif defined(OpenBSDArchitecture)
    RANDOM_DEFINES = -DARC4_RANDOM
    #elif defined(LinuxArchitecture)
    RANDOM_DEFINES = -DDEV_RANDOM=\"/dev/urandom\"
    #elif defined(NetBSDArchitecture) && \
        ((OSMajorVersion > 1) || \
        (OSMajorVersion == 1 && OSMinorVersion > 3))
    RANDOM_DEFINES = -DDEV_RANDOM=\"/dev/urandom\"
    #endif

However, the -DDEV_RANDOM=\"/dev/urandom\" never makes it into the actual Makefile.

P.S. A possible workaround is to add the "RandomDevice=/dev/urandom" line to the "General" section of the kdmrc.

P.P.S. The same bug exists in xdm (not surprisingly - it appears that the code was borrowed from xdm originally) - see bug 120914.

P.P.P.S. kdm complains "Cannot read randomFile "/dev/mem"; X cookies may be easily guessable" because of this, so I guess this makes it a security problem.

I have added a fix for using urandom instead of mem. It's fixed in kdebase-3.2.2-3. Thanks for your report.
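
A way to check whether the kdmrc workaround mentioned in this report is actually in effect on a host, as an added example that is not part of the bug report or of kdm. It assumes the kdmrc path is passed as an argument, that the file is plain INI-style text, and that a repeated key takes its last value; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not kdm code): audit a kdmrc for the RandomDevice workaround.

# Print the RandomDevice value from the [General] section, or nothing if unset.
# Comment lines and other sections are ignored. Assumption: if the key is
# repeated inside [General], the last assignment wins.
kdmrc_random_device() {
    awk '
        /^[ \t]*#/ { next }                     # skip comment lines
        /^[ \t]*\[/ {                           # section header
            sec = $0
            sub(/^[ \t]*\[/, "", sec)
            sub(/\].*$/, "", sec)
            in_general = (sec == "General")
            next
        }
        in_general && /^[ \t]*RandomDevice[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)       # drop "key ="
            sub(/[ \t\r]+$/, "", val)           # drop trailing blanks / CR
            found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print a one-line verdict; return 0 only when /dev/urandom is configured.
audit_kdmrc() {
    dev=$(kdmrc_random_device "$1")
    case "$dev" in
        /dev/urandom) echo "OK: RandomDevice=/dev/urandom"; return 0 ;;
        "")           echo "WARN: RandomDevice unset in [General]; compiled-in default applies"; return 1 ;;
        /dev/mem)     echo "FAIL: RandomDevice=/dev/mem"; return 1 ;;
        *)            echo "CHECK: RandomDevice=$dev (not /dev/urandom)"; return 1 ;;
    esac
}

# Constructed sample: the key is commented out in [General] and only set in
# an unrelated section, so the workaround is NOT in effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[General]
# RandomDevice=/dev/urandom
SomeKey=1

[Other]
RandomDevice=/dev/urandom
EOF
audit_kdmrc "$sample" || true
rm -f "$sample"
```

A WARN result matters on the affected builds because, per the report, the compiled-in default there is /dev/mem rather than /dev/urandom.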