105858 – Gdm has issues with names containing shell metacharacters

Bug 105858 - Gdm has issues with names containing shell metacharacters

Summary: Gdm has issues with names containing shell metacharacters

Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gdm (Show other bugs)
Sub Component:	(Show other bugs)
Version:	rawhide
Hardware:	All Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Havoc Pennington
QA Contact:	Mike McLean
Docs Contact:
URL:
Whiteboard:
Keywords:	Triaged
Depends On:
Blocks:	CambridgeBlocker
TreeView+	depends on / blocked

Reported:	2003-09-28 14:22 UTC by Alan Cox
Modified:	2007-11-30 22:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2003-10-21 19:51:01 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Alan Cox 2003-09-28 14:22:22 UTC

In paticular the gdm PreSession script seems to be short quoting on DISPLAY and
USER in various places that matter.

Comment 1 George Lebl 2003-09-29 21:21:33 UTC

Fixing in CVS.  Note that xdm as installed on my box (RH9) has the same issues
when it calls sessreg, I assume kdm has the same as well.  However is this truly
"exploitable"?

It would also be nice to know of any other issues such as this in GDM, is this
the only one found?

Comment 2 Alan Cox 2003-09-29 21:35:26 UTC

I've not done any kind of code review. I don't think its exploitable - you have
to have a valid username containing such characters.

Comment 3 Havoc Pennington 2003-10-21 19:51:01 UTC

We should have the fix in latest gdm packages

Note You need to log in before you can comment on or make changes to this bug.

TreeView+

- Top of page