Red Hat Bugzilla – Bug 449728
gdm greeter should be configurable to not display list of valid user accounts
Last modified: 2015-01-14 18:21:22 EST
Description of problem:
The new GDM greeter *sucks*
Yeah, yeah, this is not a bug. Whatever. It sucks.
And. Needs. To. Be. Fixed. Before. People. Start.
Using. Other. Distros.
And it's a security risk to have all the login accounts
displayed. The names of the accounts on my computer are
my business, only. When the TSA guys ask me to boot my
machine, they should see: "USERNAME: ", and *NOT* a list
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Turn on computer.
2. Sucks instantly.
No... This is a bug. It really is a security vulnerability. And a moderately
serious one. It's an unauthorized information disclosure vulnerability. This
exposes the list of all valid accounts to any unauthenticated and unauthorized
persons who can view the screen. Anyone who disabled this misfeature in past
versions of Fedora will be rudely surprised that they just blew away their
security precautions by upgrading to F9. This may not even be allowed in some
corporate environments where this would violate corporate security policy.
Workaround... Switch to kdm.
Then restart X and "killall gdm-binary"
automatic login (no security) or manual entering of username / pass.
this hybrid approach does suck.
having a huge scrolling list for all usernames in a tiny box really makes it
difficult to just login anyway, not to mention the by-default disclosure of
information like users on my systems. (i'm lucky andy starts with A)
Whose idea was it?
where is the rationale?
I'm interested to know what could possibly validate this implementation other
than "other operating systems make this mistake too"
Is there any documentation for gdm-2.22? Upstream page only has docs up to 2.20:
Setting Include= or MinimalUID= mentioned in the 2.20 docs does not seem to have
any effect. gdmsetup seems to have been dropped as well (as briefly mentioned
in the NewGdm feature):
The Feature description above explains that new gdm attempts to provide smart
user list. So is there a way to configure it in a good old non-smart way with
no user list?
See also bug #433649. The crux of these problems is the fact that the
functionality easily accessed via the gdmsetup gui is now completely gone. The
alpha-ness of this situation, in addition to a few other significant bugs that
I've stumbled across in this release, is unacceptable to me. Do we have an ETA
on this? Hopefully ASAP?
*** Bug 475071 has been marked as a duplicate of this bug. ***
Is this not a straight duplicate of bug 433649? It is partially fixed in F10, in that there is a gconf key you can set to disable the user list (although still no configuration utility to make it easy to set). The other bug says that this "might" appear in F9 at some point, but I don't think it has yet.
<opinion>Gconf sucks anyway. Give me a configuration file I can edit any day.</opinion>
I could not get the gconf key to work.
I tried using gconf-editor and gconftool-2 to set the value for /apps/gdm/simple-greeter/disable_user_list. The schema says:
# gconftool-2 -g /schemas/apps/gdm/simple-greeter/disable_user_list
List Type: *invalid*
Car Type: *invalid*
Cdr Type: *invalid*
Default Value: false
Short Desc: Do not show known users in the login window
Long Desc: Set to TRUE to disable showing known users in the login window.
So I set the value for /apps/gdm/simple-greeter/disable_user_list to true using gconf-editor. gconftool-2 shows that it is set to true.
# gconftool-2 -g /apps/gdm/simple-greeter/disable_user_list
I still get a user list.
Fedora 10 is great in some ways, but gconf and simple-greeter are alpha all the way.
Workaround for greeter problem running Fedora 10
gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults \
    --direct --type bool --set /apps/gdm/simple-greeter/disable_user_list true
This does away with the execrable user list and also allows one to hide accounts.
Found on http://www.nabble.com/Fedora-10-login-screen-td21841705.html
By the way
# yum install gconf-editor; gconf-editor &
yields:
"Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://www.gnome.org/projects/gconf/ for information. (Details - 1: Failed to get connection to session: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.)"
"An error occurred while loading or saving configuration information for gconf-editor. Some of your configuration settings may not work properly."
followed by some half-working GUI.
GnomeUI-WARNING **: While connecting to session manager:
None of the authentication protocols specified are supported.
Oh, and it said that in my xterm.
The workaround, as I understand it, is the proper way to configure things like the simple-greeter now. I had tried it but was missing the "--config-source xml:readwrite:/etc/gconf/gconf.xml.defaults" and wound up modifying root's personal configuration which does nothing to the simple-greeter.
BUT now the simple greeter displays "other" and no longer keeps the default desktop, if you have more than one configured, for the user. The user has to enter their user name, enter their password, go to the bottom of the screen and select the desktop that is wanted if other than the default, and then log in.
It is safer that the users are not shown on the simple-greeter, but using "other" instead of the user name entered to select the desktop is inconvenient. I hope this will be fixed in a revision. If there is not a bug on this subject, I will file one.
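The pitfall described in the comment above (the key set to true in a personal GConf tree while the system defaults are untouched) can be checked for mechanically. The script below is an added example, not part of the original thread or of GDM/GConf; it assumes the GConf XML backend stores the key as a single-line entry in `apps/gdm/simple-greeter/%gconf.xml` under each source root, and that the personal source is `~/.gconf`. The function names and the `--live` switch are hypothetical.

```shell
#!/bin/sh
# Added example: audit whether the GDM greeter's user list is disabled in the
# system-wide GConf defaults, not just in a personal ~/.gconf tree.
KEY_DIR="apps/gdm/simple-greeter"
KEY_NAME="disable_user_list"

# Print "true", "false" or "unset" for the key in one XML source root.
# Assumes the XML backend layout <root>/<key dir>/%gconf.xml with the bool
# stored as a single-line <entry name=... type="bool" value=.../> element.
gconf_bool_in_source() {
    file="$1/$KEY_DIR/%gconf.xml"
    [ -r "$file" ] || { echo unset; return 0; }
    val=$(sed -n "s/.*<entry[^>]*name=\"$KEY_NAME\"[^>]*value=\"\([a-z]*\)\".*/\1/p" \
        "$file" | head -n 1)
    echo "${val:-unset}"
}

# audit_greeter DEFAULTS_ROOT PERSONAL_ROOT
# 0 = hidden system-wide, 1 = set only in the personal source, 2 = list shown.
audit_greeter() {
    sys=$(gconf_bool_in_source "$1")
    usr=$(gconf_bool_in_source "$2")
    if [ "$sys" = "true" ]; then
        echo "OK: user list disabled in system defaults"; return 0
    fi
    if [ "$usr" = "true" ]; then
        echo "MISCONFIGURED: key is true only in $2; the greeter does not read it"
        return 1
    fi
    echo "EXPOSED: $KEY_NAME is $sys in $1"; return 2
}

# Constructed sample data: write a one-entry %gconf.xml under a scratch root.
make_source() {
    mkdir -p "$1/$KEY_DIR"
    printf '<?xml version="1.0"?>\n<gconf>\n\t<entry name="%s" mtime="0" type="bool" value="%s"/>\n</gconf>\n' \
        "$KEY_NAME" "$2" > "$1/$KEY_DIR/%gconf.xml"
}

# Check the live system only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_greeter /etc/gconf/gconf.xml.defaults "${HOME:-/root}/.gconf"
fi
```

Exit status 1 is the case reported in this thread: gconftool-2 reads back true for the invoking user, yet the login screen still lists accounts.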
I couldn't agree more. The new GDM just plain sucks. It has been here for 3 releases now - and is still incomplete. That grey login box is dead ugly, and you can't theme it. It shows a list of users but not the icons next to them if you have nfs folders. You can't get rid of the user list without going to gconf. Since there is no configuration tool, you can't set autologin etc...
Why on earth are we using this new version??? I echo the original poster's statement: the new gdm sucks!
This message is a reminder that Fedora 9 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 9. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '9'.
Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version prior to Fedora 9's end of life.
Bug Reporter: Thank you for reporting this issue and we are sorry that
we may not be able to fix it before Fedora 9 is end of life. If you
would still like to see this bug fixed and are able to reproduce it
against a later version of Fedora please change the 'version' of this
bug to the applicable version. If you are unable to change the version,
please add a comment here and someone will do it for you.
Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.
The process we are following is described here:
This is still present in Fedora 11, though it's now possible to find documentation <http://live.gnome.org/GDM/2.22/Configuration> via <http://fedoraproject.org/wiki/Features/NewGdm#Documentation>
Fedora 9 changed to end-of-life (EOL) status on 2009-07-10. Fedora 9 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.
If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version.
Thank you for reporting this bug and we are sorry it could not be fixed.
From other reports, this appears to be successfully configurable now in Fedora 11, 12, and 13.
Bah... successfully configurable... only if you Google to Comment 9 and come up with:
gconftool-2 --config-source xml:readwrite:/etc/gconf/gconf.xml.defaults --direct --type bool --set /apps/gdm/simple-greeter/disable_user_list true
Fedora 12... esle teh fail.
(In reply to comment #17)
> Fedora 12... esle teh fail.
This workaround works in RHEL6 too, as RHEL6 is based off of Fedora 12.
This ticket should be reopened under RHEL 6.
Furthermore, since this is sort of a security/privacy issue, and RHEL6 is for the "enterprise", shouldn't this be fixed?