Bug 3271 - gdm-1.1.0-35 silently fails if home directory is 777
Summary: gdm-1.1.0-35 silently fails if home directory is 777
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gdm (Show other bugs)
(Show other bugs)
Version: 6.0
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Elliot Lee
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-06-04 16:59 UTC by nelson
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-10-29 14:38:07 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description nelson 1999-06-04 16:59:41 UTC
If a user with a world-writeable directory tries to log in,
gdm will accept their password, clear the screen as if to
start the session, and then immediately kill the session and
return to the login box. No error messages are presented,
and we couldn't even find any explanation in a log file
anywhere.

I'm not sure if the bug is in gdm itself or the login
scripts that Redhat 6.0 uses. I have also submitted this as
a Gnome bug.

Comment 1 nelson 1999-06-04 17:00:59 UTC
This is listed as Gnome bug report #1393

Comment 2 David Lawrence 1999-06-04 21:39:59 UTC
I have verified this to be true on a test lab machine with a stock 6.0
intall. I created a sample user account. chmod 777 that users home
directory. Then using gdm attempted to login as the sample user with
out success. It would come back to the gdm login screen. I then chmod
755 the home directory and then was able to successfully login to the
gnome desktop.

Comment 3 nelson 1999-06-07 15:31:59 UTC
This might just be a good security measure - with xauth style
security, a world-writeable home directory is a really bad idea.
If this is correct behaviour, then the "fix" should be to make
sure the user understands why they weren't allowed to log in.
Some sort of visible error message...

Comment 4 Elliot Lee 1999-08-31 23:54:59 UTC
Assign to mkj for now.

Comment 5 Elliot Lee 1999-10-29 14:38:59 UTC
Try getting the gdm-2.0beta2-13 from RHL 6.1


Note You need to log in before you can comment on or make changes to this bug.