Bug 666220 - The gdm greeter should be configurable so as not to display list of valid user accounts
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: gdm
Version: 6.5
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Assigned To: Ray Strode [halfline]
QA Contact: Desktop QE
Keywords: Reopened
Blocks: 960054 1056252
Reported: 2010-12-29 12:12 EST by Alan Bartlett
Modified: 2014-05-28 14:34 EDT (History)
Doc Type: Bug Fix
Last Closed: 2014-05-28 14:34:40 EDT
Attachments: None

Description Alan Bartlett 2010-12-29 12:12:12 EST
Description of problem: System configured with GUI. The gdm greeter displays a list of all valid user accounts. That is not acceptable for an Enterprise Class OS. It is a significant security lapse that should have been corrected before GA.


Version-Release number of selected component (if applicable): 2.30.4-21


How reproducible: 100%


Steps to Reproduce:
1. Configure a RHEL 6.0 system to run with a GUI
2. Examine the gdm greeter screen
Actual results: gdm greeter screen displays a list of all valid user accounts


Expected results: gdm greeter screen should display "Login" and provide an input box for the user to type her|his login id.


Additional info: This bug (yes it is a bug -- a security bug) seems to have its origins in a Fedora "feature". 

(See https://bugzilla.redhat.com/show_bug.cgi?id=449728)
Comment 2 Scott Robbins 2010-12-29 12:47:08 EST
Not even Windows does this.  (Though Apple does.)  Windows will show the last user, but will not give a list of users on the machine. 

The reasons against it, in any kind of work environment, seem obvious to me. 

Typical situation, if the machine is used as workstation---John goes to Bob's machine, sees his login name and guesses that the password is Bob's wife's name.
Comment 3 Ray Strode [halfline] 2011-01-18 17:57:28 EST
You can turn off the user list via GConf configuration.

See http://library.gnome.org/admin/gdm/stable/configuration.html.en for more details.
Comment 4 Alan Bartlett 2011-01-18 18:50:52 EST
Re-opening.

I'm sorry Ray but that Fedora-type response is not appropriate for RHEL.

The correct, default, configuration is with that security defect disabled. If an end user requires it turned on, then they can do so.

This is a security bug and it should be treated as such. The necessary correction should be made to the default configuration and a bug-fixed package released.
Comment 6 RHEL Product and Program Management 2011-01-26 21:28:11 EST
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 7 Suzanne Yeghiayan 2011-10-06 14:49:20 EDT
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.
               
Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 8 Mike Grima 2011-12-28 07:58:25 EST
There is a problem with the proposed gconf configuration command that supposedly fixes the problem: it kills smart card login support.

Increasingly, many secure environments are using smart cards to control access to their systems, and thus, this command is not a proper workaround to this problem.

I am currently in the process of submitting a support ticket for this to be resolved, because this is very serious.  Displaying all available user accounts on the system is a major security problem that is unacceptable for an enterprise class OS, such as RHEL.

This is a major regression from RHEL 5 which did not present a user list, and also allowed for proper smart card login support.

This problem should, at the very least, be addressed in RHEL 6.3 or 6.4.
Comment 9 Alan Bartlett 2012-10-18 11:04:59 EDT
Bumping this issue to ensure that it is not forgotten.
Comment 12 Alan Bartlett 2013-02-25 14:23:02 EST
RHEL 6u4

Bumping this issue to ensure that it is not forgotten.
Comment 15 Jiri Koten 2013-05-15 10:04:27 EDT
Smartcard login with disabled user list was fixed in gdm-2.30.4-38.el6.

Related errata in rhel64 https://rhn.redhat.com/errata/RHBA-2013-0381.html
[snip]
* With this update, GDM has been modified to allow smartcard authentication when
the visible user list is disabled. (BZ#719647)
Comment 20 Siddharth Nagar 2014-05-28 14:34:40 EDT
We understand that displaying login user names can be undesirable in accordance with corporate security policies. Unfortunately, we cannot change the system installed default behaviour mid-stream. We can, however, provide the following as a means to change the default behaviour for your environment:

This policy can be adjusted at machine level via the /apps/gdm/simple-greeter/disable_user_list GConf configuration key. To make this change, run gconf-editor as root, navigate to /apps/gdm/simple-greeter, right-click on the disable_user_list key and choose "Set as Default" from the context menu.

Alternatively, the gconftool-2 command can be used to --load the updated policy from a suitable xml file:

<gconfentryfile>
  <entrylist base="/apps/gdm/simple-greeter">
    <entry>
      <key>disable_user_list</key>
      <schema_key>/schemas/apps/gdm/simple-greeter/disable_user_list</schema_key>
      <value>
        <bool>true</bool>
      </value>
    </entry>
  </entrylist>
</gconfentryfile>
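As an added example (not part of the bug report or of the gdm project), a POSIX shell script that applies the policy from this comment with gconftool-2 and audits a RHEL 6 host for both facts that matter in this thread: whether the greeter user list is disabled, and whether the installed gdm is at least gdm-2.30.4-38.el6, the release comment 15 names as keeping smartcard login working with the list hidden (the regression comment 8 describes). Assumptions: the key is enforced through the mandatory GConf source rather than the defaults source, and gdm_release_ok assumes the RHEL 6 gdm package stays at upstream version 2.30.4 so only the release number changes.

```shell
#!/bin/sh
# Added example (not from the bug report or the gdm project): apply the comment 20
# policy with gconftool-2 and audit a RHEL 6 host for the two things that matter
# here: is the greeter user list disabled, and is gdm at least 2.30.4-38.el6, the
# release comment 15 names as keeping smartcard login working with the list hidden.
# Assumption: the key is enforced via the mandatory GConf source (not the defaults
# source) so a per-user setting cannot re-enable the list.
KEY=/apps/gdm/simple-greeter/disable_user_list
MANDATORY_SRC=xml:readwrite:/etc/gconf/gconf.xml.mandatory
FIXED_RELEASE=38   # release number of gdm-2.30.4-38.el6 (comment 15)

# Succeeds when "$1" is rpm -q gdm output for 2.30.4 with release >= 38. Assumes
# the RHEL 6 gdm stays at upstream 2.30.4; any other string counts as "no fix".
gdm_release_ok() {
    rel=$(printf '%s\n' "$1" | sed -n 's/^gdm-2\.30\.4-\([0-9][0-9]*\)\..*/\1/p')
    [ -n "$rel" ] && [ "$rel" -ge "$FIXED_RELEASE" ]
}

# Succeeds when a value printed by gconftool-2 --get means the list is hidden.
user_list_disabled() { [ "$1" = "true" ]; }

# Write the key into the mandatory source (run as root; gdm picks it up on restart).
apply_policy() {
    gconftool-2 --direct --config-source "$MANDATORY_SRC" --type bool --set "$KEY" true
}

# Read the mandatory source directly so the result does not depend on which
# user's GConf session runs the check.
audit() {
    value=$(gconftool-2 --direct --config-source "$MANDATORY_SRC" --get "$KEY" 2>/dev/null)
    if user_list_disabled "$value"; then
        echo "OK: $KEY is true (user list hidden)"
    else
        echo "FAIL: $KEY is '${value:-unset}' (user list shown)"
    fi
    pkg=$(rpm -q gdm 2>/dev/null)
    if gdm_release_ok "$pkg"; then
        echo "OK: $pkg carries the smartcard fix (>= gdm-2.30.4-38.el6)"
    else
        echo "WARN: ${pkg:-gdm missing} predates gdm-2.30.4-38.el6; hiding the list breaks smartcard login (comment 8)"
    fi
}

case "${1:-}" in
    apply) apply_policy ;;
    audit) audit ;;
    "")    ;;   # no argument: only define the functions (e.g. when sourced)
    *)     echo "usage: $0 apply|audit" >&2; exit 2 ;;
esac
```

Run it as root with `audit` first; `apply` writes only the mandatory source, so the XML file from this comment loaded into the defaults source remains a valid, softer alternative.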
