Bug 449728
Summary: | gdm greeter should be configurable to not display list of valid user accounts | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Red Crayon <crayon.red> |
Component: | gdm | Assignee: | jmccann |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | low | | |
Version: | 9 | CC: | beland, cfeller, christophe.drevet, cschalle, fedora.jrg01, gabriel, imc, jdeslip, jon.fairbairn, malcolm.caldwell, mhw, mikel, rstrode, ss, thoger, trkendall, web02 |
Target Milestone: | --- | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2009-07-14 15:32:22 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Description
Red Crayon
2008-06-03 07:37:00 UTC
No... This is a bug. It really is a security vulnerability. And a moderately serious one. It's an unauthorized information disclosure vulnerability. This exposes the list of all valid accounts to any unauthenticated and unauthorized persons who can view the screen. Anyone who disabled this misfeature in past versions of Fedora will be rudely surprised that they just blew away their security precautions by upgrading to F9. This may not even be allowed in some corporate environments where this would violate corporate security policy.

Workaround... Switch to kdm. In /etc/sysconfig/desktop:

    DISPLAYMANAGER=KDE

Then restart X and "killall gdm-binary"

Automatic login (no security) or manual entering of username / pass. This hybrid approach does suck. Having a huge scrolling list for all usernames in a tiny box really makes it difficult to just login anyway, not to mention the by-default disclosure of information like users on my systems. (I'm lucky andy starts with A)

Whose idea was it? Where is the rationale? I'm interested to know what could possibly validate this implementation other than "other operating systems make this mistake too"

Is there any documentation for gdm-2.22? Upstream page only has docs up to 2.20: http://www.gnome.org/projects/gdm/docs.html

Setting Include= or MinimalUID= mentioned in the 2.20 docs does not seem to have any effect. gdmsetup seems to have been dropped as well (as briefly mentioned in the NewGdm feature): http://fedoraproject.org/wiki/Features/NewGdm

The Feature description above explains that new gdm attempts to provide a smart user list. So is there a way to configure it in a good old non-smart way with no user list?

See also bug #433649. The crux of these problems is the fact that the functionality easily accessed via the gdmsetup gui is now completely gone. The alpha-ness of this situation, in addition to a few other significant bugs that I've stumbled across in this release, is unacceptable to me. Do we have an ETA on this?
Hopefully ASAP?

*** Bug 475071 has been marked as a duplicate of this bug. ***

Is this not a straight duplicate of bug 433649? It is partially fixed in F10, in that there is a gconf key you can set to disable the user list (although still no configuration utility to make it easy to set). The other bug says that this "might" appear in F9 at some point, but I don't think it has yet. <opinion>Gconf sucks anyway. Give me a configuration file I can edit any day.</opinion>

I could not get the gconf key to work. I tried using gconf-editor and gconftool-2 to set the value for /apps/gdm/simple-greeter/disable_user_list. The schema says:

    # gconftool-2 -g /schemas/apps/gdm/simple-greeter/disable_user_list
    Type: bool
    List Type: *invalid*
    Car Type: *invalid*
    Cdr Type: *invalid*
    Default Value: false
    Owner: gdm-simple-greeter
    Short Desc: Do not show known users in the login window
    Long Desc: Set to TRUE to disable showing known users in the login window.

So I set the value for /apps/gdm/simple-greeter/disable_user_list to true using gconf-editor. gconftool-2 shows that it is set to true.

    # gconftool-2 -g /apps/gdm/simple-greeter/disable_user_list
    true

I still get a user list. Fedora 10 is great in some ways, but gconf and simple-greeter is alpha all the way.

Workaround for greeter problem running Fedora 10

    gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults \
      --direct --type bool --set /apps/gdm/simple-greeter/disable_user_list true

This does away with the execrable user list and also allows one to hide accounts. Found on http://www.nabble.com/Fedora-10-login-screen-td21841705.html

By the way

    # yum install gconf-editor; gconf-editor &

yields: "Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://www.gnome.org/projects/gconf/ for information. (Details - 1: Failed to get connection to session: Did not receive a reply.
Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.)" following "An error occurred while loading or saving configuration information for gconf-editor. Some of your configuration settings may not work properly." followed by some half-working GUI.

    GnomeUI-WARNING **: While connecting to session manager: None of the authentication protocols specified are supported.

Oh, and it said that in my xterm.

The workaround, as I understand it, is the proper way to configure things like the simple-greeter now. I had tried it but was missing the "--config-source xml:readwrite:/etc/gconf/gconf.xml.defaults" and wound up modifying root's personal configuration which does nothing to the simple-greeter. BUT now the simple greeter displays "other" and no longer keeps the default desktop, if you have more than one configured, for the user. The user has to enter their user name, enter their password, go to the bottom of the screen and select the desktop that is wanted if other than the default, and then log in. It is safer that the users are not shown on the simple-greeter, but using "other" instead of the user name entered to select the desktop is inconvenient. I hope this will be fixed in a revision. If there is not a bug on this subject, I will file one.

I couldn't agree more. The new GDM just plain sucks. It has been here for 3 releases now - and is still incomplete. That grey login box is dead ugly, and you can't theme it. It shows a list of users but not the icons next to them if you have nfs folders. You can't get rid of the user list without going to gconf. Since there is no configuration tool, you can't set autologin etc... Why on earth are we using this new version???

I echo the original poster's statement: the new gdm sucks!

This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 9. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '9'.

Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 9's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 9 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.

The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping

This is still present in Fedora 11, though it's now possible to find documentation <http://live.gnome.org/GDM/2.22/Configuration> via <http://fedoraproject.org/wiki/Features/NewGdm#Documentation>

Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.

From other reports, this appears to be successfully configurable now in Fedora 11, 12, and 13.

Bah... successfully configurable...
only if you Google to Comment 9 and come up with:

    gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --direct --type bool --set /apps/gdm/simple-greeter/disable_user_list true

Fedora 12... esle teh fail.

(In reply to comment #17)
...
> Fedora 12... esle teh fail.

This workaround works in RHEL6 too, as RHEL6 is based off of Fedora 12.

Maintainer: This ticket should be reopened under RHEL 6. Furthermore, since this is sort of a security/privacy issue, and RHEL6 is for the "enterprise", shouldn't this be fixed?
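
An added audit sketch (not from the bug thread and not GDM or GConf project code) for the point made in the comments above: the key only affects the greeter when it is written to the system defaults source, not to root's personal GConf tree. It assumes GConf's on-disk XML backend layout (one `%gconf.xml` file per key directory) and a per-user source under `~/.gconf`; the function names are hypothetical and the sample hosts are constructed in a temporary directory.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

KEY_DIR = "apps/gdm/simple-greeter"  # key path from the thread
KEY_NAME = "disable_user_list"

def read_bool_key(source_root):
    """Return True/False for the key in one GConf XML source, None if unset."""
    path = os.path.join(source_root, KEY_DIR, "%gconf.xml")  # assumed layout
    try:
        root = ET.parse(path).getroot()
    except (OSError, ET.ParseError):
        return None  # missing or unreadable file: key not set in this source
    for entry in root.iter("entry"):
        if entry.get("name") == KEY_NAME and entry.get("type") == "bool":
            return entry.get("value") == "true"
    return None

def audit(defaults_root, root_home):
    """Classify a host as 'ok', 'misplaced' (root's own tree only) or 'exposed'."""
    if read_bool_key(defaults_root) is True:
        return "ok"
    if read_bool_key(os.path.join(root_home, ".gconf")) is True:
        return "misplaced"  # set without --config-source, as described above
    return "exposed"

def write_source(source_root, value):  # builds constructed sample data
    key_dir = os.path.join(source_root, KEY_DIR)
    os.makedirs(key_dir, exist_ok=True)
    with open(os.path.join(key_dir, "%gconf.xml"), "w") as fh:
        fh.write(f'<gconf><entry name="{KEY_NAME}" type="bool" value="{value}"/></gconf>\n')

def demo():
    cases = [("a", None, None), ("b", "false", "true"), ("c", "true", None)]
    verdicts = []
    with tempfile.TemporaryDirectory() as tmp:
        for host, system, personal in cases:
            defaults = os.path.join(tmp, host, "etc/gconf/gconf.xml.defaults")
            home = os.path.join(tmp, host, "root")
            if system:
                write_source(defaults, system)
            if personal:
                write_source(os.path.join(home, ".gconf"), personal)
            verdicts.append(audit(defaults, home))
    return verdicts

if __name__ == "__main__":
    print(demo())
```

On a real host, `audit("/etc/gconf/gconf.xml.defaults", "/root")` applies the same check to the paths named in the thread.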