Bug 120914 - xdm should use /dev/urandom [xdm error: Cannot read randomFile "/dev/mem"; X cookies may be easily guessable]
Summary: xdm should use /dev/urandom [xdm error: Cannot read randomFile "/dev/mem"; X ...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: xorg-x11
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-04-15 07:08 UTC by Aleksey Nogin
Modified: 2007-11-30 22:10 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-09-01 11:37:13 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Aleksey Nogin 2004-04-15 07:08:11 UTC 
Currently xdm attempts to use /dev/mem as a source of randomness for
cookie generation. This is a bad idea in any case, but when SELinux is
in enforcing mode, this is especially bad since SELinux prohibits this
and, as xdm-errors log file states, "X cookies may be easily guessable".

The similar bug exists for kdm as well (bug 118051) and it looks that
kdm just borrowed code from xdm. I have investigated the kdm case a
bit more, see details in bug 118051.
Comment 1 Aleksey Nogin 2004-05-06 07:00:31 UTC 
RYI: the kdm version of this bug - bug 118051 - was fixed a few days ago.
Comment 2 Warren Togami 2004-05-06 07:08:23 UTC 
I suspect this is more about avoiding another X rebuild, because it is
very large.  This does not seem to be a very serious problem because
nobody would prefer to use xdm over gdm/kdm, but I could be assuming
too much of course...
Comment 3 Søren Sandmann Pedersen 2004-07-20 17:49:18 UTC 
Fixed upstream.
Comment 4 Mike A. Harris 2004-09-01 11:37:13 UTC 
Upstream X.Org is in our fedora devel builds, changing status to
"RAWHIDE".
Note You need to log in before you can comment on or make changes to this bug.