Bug 193611 - CRITICAL ERROR IN GDM! : GDM Allow to an ordinary user access to "Configure Login Manager..."
CRITICAL ERROR IN GDM! : GDM Allow to an ordinary user access to "Configure L...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: gdm (Show other bugs)
5
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Ray Strode [halfline]
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-31 01:05 EDT by Ví­ctor Daniel
Modified: 2008-03-18 14:33 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-18 14:33:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Ví­ctor Daniel 2006-05-31 01:05:50 EDT
CRITICAL ERROR IN GDM! : GDM Allow to an ordinary user access to "Configure 
Login Manager..." option if face list is enabled, here is a big security 
burnerability.

I test here bug in PLAIN mode with Face List and THEME Mode, the two ways have 
the bug.

To cause the bug (PLAIN mode with Face List):
1. Select "Configure Login Manager..." option in Action Menu.
2. Now gdm "need" the "root password", but now select something basic user in 
the face selector and enter your password.
3.Here is the bug, after you enter the ordinary user password GDM allow access 
to config, and give root permissions.


Bye and Thanks
Daniel
bombayvdmo@yahoo.com.mx

Actual results:


Expected results:


Additional info:
Comment 1 Ray Strode [halfline] 2008-03-18 14:33:36 EDT
Hi,

We no longer support Fedora Core 5 and I am currently trying to get my open bug
count down to a more manageable state.  I'm going to close this bug as WONTFIX.
 If this issue is still a concern for you, would you mind trying to reproduce on
a supported version of Fedora and reopening?

(this is a mass message)

Note You need to log in before you can comment on or make changes to this bug.