Bug 128295 - gdm 2.2 doesn't reset egid
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: gdm
Version: 2.1
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Ray Strode [halfline]
QA Contact: Mike McLean
Keywords: Security
Reported: 2004-07-21 08:54 EDT by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:06 EST
Doc Type: Bug Fix
Last Closed: 2004-09-28 19:05:24 EDT
Description Mark J. Cox (Product Security) 2004-07-21 08:54:05 EDT
In early 2002 the GNOME 1.4.1 announcement said:

        gdm (2.2.4.1 -> 2.2.5.4)

        "SECURITY FIX! reset egid to user gid before starting a 
         session. robustness fixes, ....."

No CVE name was assigned to this issue.

Using gnome webcvs I traced that message to this patch:
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.111&r2=1.112

   "set egid to the correct value before we do setuid
   to avoid running the session with gdm group privileges.  (Note
   that all session files run bash and thus drop those, but this
   is a problem for the failsafes)"

Looking at the gdm package we shipped with RHEL2.1 (gdm-2.2.3.1-20)
and subsequent errata (gdm-2.2.3.1-20.1) they do not contain this fix.

This is a minor issue, but we should correct it in the future along
with any other gdm fixes.
Comment 1 Ray Strode [halfline] 2004-09-28 19:05:24 EDT
Hi Mark.

It looks to me like gdm-2.2.3.1 isn't affected by this problem.  It
already calls setgid() and initgroups() before calling setuid(), so
setegid() shouldn't be needed:

        if (setgid (pwent->pw_gid) < 0)
                gdm_child_exit (DISPLAY_REMANAGE,
                                _("gdm_slave_session_start: Could not setgid %d. Aborting."), pwent->pw_gid);

        if (initgroups (login, pwent->pw_gid) < 0)
                gdm_child_exit (DISPLAY_REMANAGE,
                                _("gdm_slave_session_start: initgroups() failed for %s. Aborting."), login);

        if (setuid (pwent->pw_uid) < 0)
                gdm_child_exit (DISPLAY_REMANAGE,
                                _("gdm_slave_session_start: Could not become %s. Aborting."), login);

I'm closing NOTABUG, but if I've missed something, please reopen.  Thanks.
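
The setgid(), initgroups(), setuid() ordering quoted in Comment 1, as an added stand-alone example that is not gdm's code and not part of the original report: it drops to a target user and then verifies that neither the old group nor root can be taken back. The names drop_to_user and ids_match are hypothetical, and the routine assumes it is called with an effective UID of 0.

```c
#define _DEFAULT_SOURCE            /* exposes initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if the real and effective UID/GID all equal the target, else 0. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Hypothetical helper: permanently become the user in pw. Expects to be
 * called with euid 0. Returns 0 on success, -1 on failure; on -1 the
 * caller must not go on to start the session. */
int drop_to_user(const struct passwd *pw)
{
    gid_t old_egid = getegid();

    /* Groups first: after setuid() the process can no longer change them.
     * With euid 0, setgid() sets the real, effective and saved GID. */
    if (setgid(pw->pw_gid) < 0) return -1;
    if (initgroups(pw->pw_name, pw->pw_gid) < 0) return -1;
    if (setuid(pw->pw_uid) < 0) return -1;

    if (!ids_match(pw->pw_uid, pw->pw_gid)) return -1;
    if (pw->pw_uid != 0) {
        /* Taking the old IDs back must fail; success would mean a saved
         * ID survived the drop. */
        if (old_egid != pw->pw_gid && setegid(old_egid) == 0) return -1;
        if (seteuid(0) == 0) return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct passwd *pw = argc > 1 ? getpwnam(argv[1]) : NULL;
    if (pw == NULL || drop_to_user(pw) < 0) {
        fprintf(stderr, "usage (as root): %s <user>; drop failed\n", argv[0]);
        return 1;
    }
    printf("uid=%d euid=%d gid=%d egid=%d\n", (int)getuid(), (int)geteuid(),
           (int)getgid(), (int)getegid());
    return 0;
}
```
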
Comment 2 Mark J. Cox (Product Security) 2004-09-30 07:12:38 EDT
Confirmed, gdm-2.2.3.1 isn't affected by this problem.  It seems that
the issue was introduced by this update:
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.108&r2=1.109
