Bug 1577646
Summary: | Fedora MATE Desktop should default to GDM to avoid security risks | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Bastiaan Jacques <bastiaan> |
Component: | mate-desktop | Assignee: | Wolfgang Ulbrich <fedora> |
Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 28 | CC: | fedora, leigh123linux, stefano |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-05-14 14:37:42 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Bastiaan Jacques
2018-05-13 17:58:37 UTC
*** This bug has been marked as a duplicate of bug 1078808 *** GDM has too many unwanted deps like gnome-shell That presumes that people use MATE because they care about dependency trees. (Hint: they don't.) This bug is not about improving LightDM (and therefore isn't a duplicate of bug 1078808). It is about changing the default display manager for Fedora MATE. (In reply to Bastiaan Jacques from comment #3) > That presumes that people use MATE because they care about dependency trees. > (Hint: they don't.) In your opinion which isn't worth squat. Are you going to fix GDM so it doesn't interfere with mate-screensaver or user-switching? Both those issues need addressing before this could be considered, perhaps you should file the issue with upstream GDM and request they remove/'or make' the screen-locker optional and fix user-switching issue with all non-gnome DE. (In reply to leigh scott from comment #4) > (In reply to Bastiaan Jacques from comment #3) > > That presumes that people use MATE because they care about dependency trees. > > (Hint: they don't.) > > In your opinion which isn't worth squat. > > Are you going to fix GDM so it doesn't interfere with mate-screensaver or > user-switching? > Both those issues need addressing before this could be considered I've just tried mate-screensaver together with GDM and did not notice any problems. User switching doesn't seem to work from the menu (nothing is shown), but does work if you switch to the display GDM is running on. > perhaps > you should file the issue with upstream GDM and request they remove/'or > make' the screen-locker optional and fix user-switching issue with all > non-gnome DE. I see you have some hostility problems. Let's focus on the technical issues and leave the temper tantrums for the playground, shall we? (In reply to Bastiaan Jacques from comment #5) > (In reply to leigh scott from comment #4) > > (In reply to Bastiaan Jacques from comment #3) > > > That presumes that people use MATE because they care about dependency trees. > > > (Hint: they don't.) > > > > In your opinion which isn't worth squat. > > > > Are you going to fix GDM so it doesn't interfere with mate-screensaver or > > user-switching? > > Both those issues need addressing before this could be considered > > I've just tried mate-screensaver together with GDM and did not notice any > problems. User switching doesn't seem to work from the menu (nothing is > shown), but does work if you switch to the display GDM is running on. > So gdm doesn't try to start it's screen-locker at all? > > perhaps > > you should file the issue with upstream GDM and request they remove/'or > > make' the screen-locker optional and fix user-switching issue with all > > non-gnome DE. > > I see you have some hostility problems. Let's focus on the technical issues > and leave the temper tantrums for the playground, shall we? The hostility to gnome is well earned, as for temper tantrums, except your idea has been rejected and move on! Fixing GDM so it works with Mate (or vise versa) isn't in the bug scope here and should be reported upstream by an interested party (you in this case). (In reply to leigh scott from comment #6) > > The hostility to gnome is well earned, as for temper tantrums, except your > idea has been rejected and move on! Are you the Fedora MATE Desktop maintainer? (In reply to Bastiaan Jacques from comment #7) > (In reply to leigh scott from comment #6) > > > > The hostility to gnome is well earned, as for temper tantrums, except your > > idea has been rejected and move on! > > Are you the Fedora MATE Desktop maintainer? No, but we work closely together so I know his view on this matter with 99.9999% certainty. @Wolfgang Do you have any intention to switch to GDM to accommodate a few users and adding to your workload? I do not have any motivation to use gdm (a monster) for Mate desktop. - gdm pulls in to much dependencies which we don't need - this will blow up size of Mate Compiz spin for no reason. - Most users loves Mate because of the speed and using low resources. - Gnome do not really respect other desktop, so i expect no help from gdm devs if we have problems. I don't like to hear sentences like this. " It's your problem if you use gdm, you have to be fixed issues with gdm in MATE". Believe me, i heard such things very often in the past. - Using gdm slow down desktop start. - Gdm itself doesn't start fast. - I never saw security issues or attacks in my logs of my box because of using lightdm. .... and and and. Why not switching for yourself to gdm if you think lightdm is insecure? You can do that with 3 command at commad line ;) PS: Leigh is Co-maintainer, his opinion is my opinion..... (In reply to Wolfgang Ulbrich from comment #9) > - I never saw security issues or attacks in my logs of my box because of > using lightdm. Just in case it is not clear, I do not mean to imply that Lightdm's code is insecure per se. But Xorg is a huge body of code that certainly has many security vulnerabilities still to be announced. The age old mantra on Unix-like systems is "never run anything as root that doesn't absolutely need it", and this is one case where I think it is quite important to follow it, now what we can. An exploitable bug in Xorg means the attacker gets root on your machine. And he probably won't have the courtesy to make an entry in your logs. ;) > Why not switching for yourself to gdm if you think lightdm is insecure? > You can do that with 3 command at commad line ;) I did that as soon as I realized lightdm runs Xorg as root. I created this bug not for myself but for the benefit of other people who may not be aware that Xorg bugs can lead to their whole system being compromised because it still runs as root. > PS: Leigh is Co-maintainer, his opinion is my opinion..... Frankly, from the level of immaturity displayed in his comments here it is difficult to take him seriously. I do appreciate you taking the time to explain your views nicely. |