Bug 188303 - CVE-2006-1057 GDM file permissions race condition
Summary: CVE-2006-1057 GDM file permissions race condition
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: gdm
Version: 5
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Ray Strode [halfline]
QA Contact: Mike McLean
URL:
Whiteboard: impact=low,reported=20060407,public=2...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-04-07 19:05 UTC by Josh Bressers
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-09-17 14:38:16 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Josh Bressers 2006-04-07 19:05:04 UTC 
GDM file permissions race condition

Marcus Meissner discovered a race condition issue in gdm which affects
the way it modifies the permissions on the .ICEauthority file.

The problem is that there is a race condition between the time stat()
is run on the file and the time chown() and chmod() are run.

The patch that caused this error is here:
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261

We don't have a fix yet.


This issue also affects FC4
Comment 1 Fedora Update System 2006-04-12 01:15:45 UTC 
gdm-2.14.1-1.fc5.1 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 2 Fedora Update System 2006-04-13 02:03:54 UTC 
gdm-2.14.1-1.fc5.2 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 3 Fedora Update System 2006-04-19 15:49:56 UTC 
gdm-2.14.1-1.fc5.2 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 4 Josh Bressers 2006-05-26 13:20:52 UTC 
Ray,

We need to add the fix from this upstream bug:
http://bugzilla.gnome.org/show_bug.cgi?id=340347

We should also push this update for FC4.

Thanks.
Comment 5 A S Alam 2007-09-17 10:19:52 UTC 
ray any update for this?
Comment 6 Ray Strode [halfline] 2007-09-17 14:38:16 UTC 
Fixed some time ago.
Note You need to log in before you can comment on or make changes to this bug.