Red Hat Bugzilla – Bug 500704
xdm creates unsecured session
Last modified: 2009-06-02 10:22:10 EDT
Description of problem:
Recent xdm (Fedora 10 update) changed the "auth" dir (where auth files shared between xdm and Xserver are stored) from /etc/X11/xdm/authdir to /var/lib/xdm. Unfortunately the package doesn't create the latter, and this ends in unsecure X11 sessions. Creating /var/lib/xdm manually fixes it.
Version-Release number of selected component (if applicable):
Just install the package and run xdm with local Xserver
Steps to Reproduce:
1. install xdm
2. run it
3. watch the login window
The login window says "this is an unsecure session" (unsecureGreeting).
It should say something like "this is machine_name" (greeting)
Perhaps the /etc/x11/xdm-config file could be marked as "config". Silently changing the XDM config file while upgrading is a security issue as well.
I'm not marking this security as there is no sensitive info here, but I guess it's "severity = high" as it's a plain security hole on multiuser systems (until fixed by mkdir /var/lib/xdm followed by restarting local Xserver(s)).
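A check for the failure described in this report, as an added example that is not part of the original bug report or of the xdm package: it reads the auth directory from an xdm-config file and reports whether that directory is missing or writable by group or others. The function names are hypothetical, and the DisplayManager.authDir resource name is an assumption taken from xdm's documented configuration, not from this page.

```shell
#!/bin/sh
# Added example (not from the bug report): audit the xdm auth directory
# named in an xdm-config file.
# check_xdm_authdir prints one of:
#   unset | missing | not-a-directory | loose-perms | ok
# and returns 0 only for "ok".

xdm_authdir_from_config() {
    # X resource syntax: "DisplayManager.authDir: /path".
    # Lines starting with "!" are comments and never match.
    # Assumption: the resource is spelled DisplayManager.authDir
    # (or DisplayManager*authDir); the last matching line wins.
    sed -n 's/^[[:space:]]*DisplayManager[.*]authDir:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

check_xdm_authdir() {
    cfg=$1
    dir=$(xdm_authdir_from_config "$cfg")
    # Resource absent: xdm falls back to a built-in default, not checked here.
    if [ -z "$dir" ]; then echo unset; return 1; fi
    # Configured but never created: the state this bug describes.
    if [ ! -e "$dir" ]; then echo missing; return 1; fi
    if [ ! -d "$dir" ]; then echo not-a-directory; return 1; fi
    # Mode string such as drwx------ ; -L follows a symlinked auth dir.
    # Character 6 is group write, character 9 is other write.
    mode=$(ls -ldL "$dir" | cut -c1-10)
    case $mode in
        ?????w????|????????w?) echo loose-perms; return 1 ;;
    esac
    echo ok
}

# Stand-alone use: pass the path to the xdm-config file to audit.
if [ $# -gt 0 ]; then
    check_xdm_authdir "$1"
fi
```

Run it after a package upgrade and again after the manual mkdir fix; a result other than "ok" means the login greeter should not be trusted to be running a secured session.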
Could you please test my solution (I don't use xdm myself) with these scratch builds?
http://koji.fedoraproject.org/koji/taskinfo?taskID=1354556 (Rawhide, F-12)
I've installed xorg-x11-xdm-1.1.6-8.fc10.x86_64 and it fixed both problems.
Thanks a lot.
xorg-x11-xdm-1.1.6-8.fc10 has been submitted as an update for Fedora 10.
Thanks a lot for letting us know. Yenya, you are released from your promise.
But please give it points (plus or minus) in bodhi.
xorg-x11-xdm-1.1.6-8.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with

    su -c 'yum --enablerepo=updates-testing update xorg-x11-xdm'

You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-4985
Do I need to take an additional action WRT this bug? No?
*** Bug 491485 has been marked as a duplicate of this bug. ***
(In reply to comment #7)
> Do I need to take an additional action WRT this bug? No?
No, you don't. Thank you very much.
xorg-x11-xdm-1.1.6-8.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.