GNOME Bugzilla – Bug 343476
CRITICAL ERROR IN GDM! : GDM allows an ordinary user access to "Configure Login Manager..."
Last modified: 2006-06-09 03:46:56 UTC
Please describe the problem:
CRITICAL ERROR IN GDM! : GDM allows an ordinary user access to the "Configure Login Manager..." option if the face list is enabled; this is a big security vulnerability.
I tested this bug in PLAIN mode with Face List and in THEME mode; both ways have the bug.
To cause the bug (PLAIN mode with Face List):
Bye and Thanks
Steps to reproduce:
1. Select "Configure Login Manager..." option in Action Menu.
2. Now GDM "needs" the "root password", but now select some basic user in the face selector and enter your password.
3. Here is the bug: after you enter the ordinary user password, GDM allows access to the config and gives root permissions.
Does this happen every time?
This is now fixed in CVS head. Now looking into 2.14 branch.
Yes, problem is in the 2.14 branch. Now fixed there. Now looking into 2.12 branch.
The problem also exists in the 2.8 branch. I just patched the 2.8 branch as well with the fix.
Now the code disables the face browser so you can't click on it between choosing "Configure login" and entering the password - allowing the user to get to the config screen using their user password instead of the root password.
Note this problem happens only if Browser is enabled, SystemMenu is turned on, and Configurator turned on in the configuration file. All non-default choices, though I believe many distros turn these on by default.
Okay, just verified that this problem does not happen in the 2.6 code, which corresponds to the gnome-2-10 branch.
Note I said 2.8 branch above but I meant GDM 2.8 which corresponds to the gnome-2-12 branch, which does have the problem.
I will do new releases of the 2.8, 2.12, 2.14, and 2.15 branches as soon as I hear back from the vendor-sec mail alias with advice on how to proceed, probably in the next day.
Thanks a lot for taking care of this, Brian :)
:) No problem, I'm a *nix user, this is my work ;-).
Okay, the latest 2.8 (aka gnome-2.12), 2.14, and 2.15 releases have a
fix for this problem. Closing.
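
The comment above says the problem is reachable only when Browser, SystemMenu and Configurator are all turned on. The following is an added example, not code from GDM or from this bug report, that checks a GDM configuration for that combination; the `[greeter]` section, the key names `Browser`, `SystemMenu` and `ConfigAvailable`, and the layering of a local file over distro defaults are assumptions about the GDM 2.x file layout, and the sample files are constructed.

```python
import configparser

# Constructed samples, not taken from the bug report. The [greeter] section and
# the key names below are assumptions about the GDM 2.x configuration layout.
SAMPLE_EXPOSED = """\
[daemon]
Greeter=/usr/lib/gdm/gdmlogin

[greeter]
# face browser shown on the login screen
Browser=true
SystemMenu=true
ConfigAvailable=true
"""

SAMPLE_DEFAULT = """\
[greeter]
Browser=false
SystemMenu=true
"""

# Per the comment in the thread, all three must be on for the bug to be reachable.
PRECONDITIONS = ("Browser", "SystemMenu", "ConfigAvailable")


def parse_greeter(*texts):
    """Return {key: bool} for the three options.

    Several config texts may be passed; later ones override earlier ones
    (assumed layering of a local file over distro defaults). A key that is
    missing everywhere counts as off.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as written in the file
    for text in texts:
        cp.read_string(text)
    result = {}
    for key in PRECONDITIONS:
        raw = cp.get("greeter", key, fallback="false").strip().lower()
        result[key] = raw in ("true", "1", "yes")
    return result


def exposed(*texts):
    """True when every precondition named in the report is enabled."""
    return all(parse_greeter(*texts).values())
```

On an unpatched release, turning any one of the three options off makes `exposed()` return `False`, which matches the condition stated in the thread.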