Bug 51318 - startx in rc.local runs X as root w/out a password
startx in rc.local runs X as root w/out a password
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: XFree86-Servers (Show other bugs)
7.1
i586 Linux
medium Severity medium
: ---
: ---
Assigned To: Mike A. Harris
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-08-09 09:28 EDT by Sean Mahan
Modified: 2007-04-18 12:35 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-09 09:28:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sean Mahan 2001-08-09 09:28:02 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Description of problem:
If you put startx at the bottom of /etc/rc.d/rc.local and reboot the os 
comes up as root without having to enter a password.

How reproducible:
Always

Steps to Reproduce:
1.Edit /etc/rc.d/rc.local
2.Type startx as the last entry after the 'fi' at the end of the script
3.Boot the machine
	

Actual Results:  The machine came up into graphical mode and I was root 
without ever having to type a password

Expected Results:  I expected a shortcut to having the graphical login 
come up

Additional info:
Comment 1 Bill Nottingham 2001-08-09 11:04:31 EDT
Um, the graphical login will *never* come up as a result of running startx.
It's a consequence of running gdm, xdm, or kdm.
Comment 2 Sean Mahan 2001-08-09 11:18:20 EDT
Yeah, I figured that but put startx in your rc.local and it runs the command 
startx at boot and since rc.local runs any extra commands that you put in there 
as root it runs the command startx as root which, obviously, starts X.  So, in 
other words it gives you an X session as root regardless of whether or not you 
are root or can even log in as root.  Try it and you'll see what I mean.  It's 
not a programmatic bug, I believe that it's a security issue.
Comment 3 Mike A. Harris 2001-08-09 11:57:27 EDT
No, it is not a programmatical bug, and no it is not a security issue
at all in any way shape or form.

1) Only root can edit rc.local
2) Root can put whatever he/she chooses in rc.local

Instead of startx, consider what would happen if root put this in rc.local:
rm -rf /

That illustrates why this is not a security issue.  root can put whatever
they like in there.  It is up to root to put sensible commands in the
initscripts.  startx is *not* a sensible thing to put in there in a
secure environment.  Solution:  fire root

Note You need to log in before you can comment on or make changes to this bug.