Bug 128295

Summary: gdm 2.2 doesn't reset egid
Product: Red Hat Enterprise Linux 2.1 Reporter: Mark J. Cox <mjc>
Component: gdmAssignee: Ray Strode [halfline] <rstrode>
Status: CLOSED NOTABUG QA Contact: Mike McLean <mikem>
Severity: medium Docs Contact:
Priority: low    
Version: 2.1CC: bressers, hp
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-09-28 23:05:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mark J. Cox 2004-07-21 12:54:05 UTC 
In early 2002 gnome 1.4.1 announcement said 

        gdm (2.2.4.1 -> 2.2.5.4)

        "SECURITY FIX! reset egid to user gid before starting a 
         session. robustness fixes, ....."

No CVE name was assigned to this issue.

Using gnome webcvs I traced that message to this patch:
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.111&r2=1.112

   "set egid to the correct value before we do setuid
   to avoid running the session with gdm group privilages.  (Note 
   that all session files run bash and thus drop those, but this
   is a problem for the failsafes)"

Looking at the gdm package we shipped with RHEL2.1 (gdm-2.2.3.1-20)
and subsequent errata (gdm-2.2.3.1-20.1) they do not contain this fix.

This is a minor issue, but we should correct it in the future along
with any other gdm fixes.
Comment 1 Ray Strode [halfline] 2004-09-28 23:05:24 UTC 
Hi Mark.

It looks to me like gdm-2.2.3.1 isn't affected by this problem.  It
already calls setgid() and initgroups() before calling setuid(), so
setegid() shouldn't be needed:

        if (setgid (pwent->pw_gid) < 0)
                gdm_child_exit (DISPLAY_REMANAGE,
                                _("gdm_slave_session_start: Could not
setgid %d. Aborting."), pwent->pw_gid);

        if (initgroups (login, pwent->pw_gid) < 0)
                gdm_child_exit (DISPLAY_REMANAGE,
                                _("gdm_slave_session_start:
initgroups() failed for %s. Aborting."), login);

        if (setuid (pwent->pw_uid) < 0)
                gdm_child_exit (DISPLAY_REMANAGE,
                                _("gdm_slave_session_start: Could not
become %s. Aborting."), login);

I'm closing NOTABUG, but if I've missed something, please reopen.  Thanks.
Comment 2 Mark J. Cox 2004-09-30 11:12:38 UTC 
Confirmed, gdm-2.2.3.1 isn't affected by this problem.  It seems that
the issue was introduced by this update:
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.108&r2=1.109