GNOME Bugzilla – Bug 704284
when disable-user-list=true, cancelling login leaves gdm in unusable state
Last modified: 2018-05-24 10:53:57 UTC
This was originally reported in http://bugs.debian.org/683338, and it appears to be true for gdm 3.4.1 (in debian wheezy) When gdm's greeter has disable-user-list is set to true, if the user enters a username, they are presented with a password prompt, which has a "login" and a "cancel" button. If they click the "cancel" button, then all user-interactive fields disappear, and there is no way to log into the display manager. This cripples the ability for normal users to log into the machine, which is a pretty bad outcome.
It should be mentioned that the problem occurs with the fallback greeter.
This is now CVE-2013-7273 http://www.openwall.com/lists/oss-security/2014/01/07/16
I can confirm the bug. I have proposed a patch here : https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751140 Baptiste.
The fallback greeter is gone, I guess this bug could be closed? But debian stable is still running a version affected by this. Could it be possible to have a comment on the patches proposed in both: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751140 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683338 Thanks
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gdm/issues/152.