Bug 188303 - CVE-2006-1057 GDM file permissions race condition
CVE-2006-1057 GDM file permissions race condition
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: gdm (Show other bugs)
5
All Linux
medium Severity low
: ---
: ---
Assigned To: Ray Strode [halfline]
Mike McLean
impact=low,reported=20060407,public=2...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-07 15:05 EDT by Josh Bressers
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-09-17 10:38:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2006-04-07 15:05:04 EDT
GDM file permissions race condition

Marcus Meissner discovered a race condition issue in gdm which affects
the way it modifies the permissions on the .ICEauthority file.

The problem is that there is a race condition between the time stat()
is run on the file and the time chown() and chmod() are run.

The patch that caused this error is here:
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261

We don't have a fix yet.


This issue also affects FC4
Comment 1 Fedora Update System 2006-04-11 21:15:45 EDT
gdm-2.14.1-1.fc5.1 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 2 Fedora Update System 2006-04-12 22:03:54 EDT
gdm-2.14.1-1.fc5.2 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 3 Fedora Update System 2006-04-19 11:49:56 EDT
gdm-2.14.1-1.fc5.2 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 4 Josh Bressers 2006-05-26 09:20:52 EDT
Ray,

We need to add the fix from this upstream bug:
http://bugzilla.gnome.org/show_bug.cgi?id=340347

We should also push this update for FC4.

Thanks.
Comment 5 A S Alam 2007-09-17 06:19:52 EDT
ray any update for this?
Comment 6 Ray Strode [halfline] 2007-09-17 10:38:16 EDT
Fixed some time ago.

Note You need to log in before you can comment on or make changes to this bug.