Bug#274197: marked as done (under selinux there's access to log files by users which are created by kdm)

To: Eckhart Wörner <ewoerner@kde.org>
Subject: Bug#274197: marked as done (under selinux there's access to log files by users which are created by kdm)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 04 Apr 2010 02:51:05 +0000
Message-id: <[🔎] handler.274197.D274197.12703493685440.ackdone@bugs.debian.org>
References: <201004040449.17859.ewoerner@kde.org> <E1CCx8Q-0002yd-FN@lkcl.net>

Your message dated Sun, 4 Apr 2010 04:49:17 +0200
with message-id <201004040449.17859.ewoerner@kde.org>
and subject line Re: under selinux there's access to log files by users which are created by kdm
has caused the Debian Bug report #274197,
regarding under selinux there's access to log files by users which are created by kdm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
274197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=274197
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: under selinux there's access to log files by users which are created by kdm
From: Luke Kenneth Casson Leighton <lkcl@lkcl.net>
Date: Thu, 30 Sep 2004 10:21:58 +0100
Message-id: <E1CCx8Q-0002yd-FN@lkcl.net>

Package: kdm
Version: 4:3.3.0-1.1
Severity: normal


please could the same be done to kdm as has been done to gdm, namely
that when a user session is started, a different log file is used for
the user session from the one that is created by kdm?

the reason is because in order to allow access to the
kdm-created-log-file, far too many permissions must be granted to users.

namely, the permission to write to ANY files created by kdm must be
granted, for a start.

ta,

l.


On Wed, 2004-09-29 at 18:32 +0200, Thomas Bleher wrote:
> I have a question about access to xdm_t:
> With KDM 3.3 I am seeing a lot of accesses to xdm_t:fd and
> xdm_t:fifo_file from user processes (say user_lpr_t and user_gpg_t)

For Fedora we modified GDM to log the X session errors to 
/tmp/xses-$USER.$RANDOM, you could probably do something similar with
KDM.

> Should these be allowed?
> If yes, should xdm_t get the attribute privfd?

I think it'd be better to move the X errors to /tmp.  It's more 
NFS-homedir friendly anyways.



--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.7-selinux1 #7 Wed Sep 8 17:46:33 BST 2004 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages kdm depends on:
ii  debconf                   1.4.25         Debian configuration management sy
ii  kdebase-bin               4:3.3.0-1.1    KDE Base (binaries)
ii  kdelibs4                  4:3.3.0-1.1    KDE core libraries
ii  libart-2.0-2              2.3.16-5       Library of functions for 2D graphi
ii  libc6                     2.3.2.ds1-16   GNU C Library: Shared libraries an
ii  libfam0c102               2.7.0-5        client library to control the FAM 
ii  libgcc1                   1:3.5-0pre1    GCC support library
ii  libice6                   4.3.0.dfsg.1-6 Inter-Client Exchange library
ii  libidn11                  0.5.2-2        GNU libidn library, implementation
ii  libncurses5               5.4-3          Shared libraries for terminal hand
ii  libpam-runtime            0.77-0.se5     Runtime support for the PAM librar
ii  libpam0g                  0.77-0.se5     Pluggable Authentication Modules l
ii  libpng12-0                1.2.5.0-6      PNG library - runtime
ii  libqt3c102-mt             3:3.3.3-4      Qt GUI Library (Threaded runtime v
ii  libselinux1               1.16-0.1       SELinux shared libraries
ii  libsm6                    4.3.0.dfsg.1-6 X Window System Session Management
ii  libstdc++5                1:3.3.4-11     The GNU Standard C++ Library v3
ii  libx11-6                  4.3.0.dfsg.1-6 X Window System protocol client li
ii  libxext6                  4.3.0.dfsg.1-6 X Window System miscellaneous exte
ii  libxrender1               0.8.3-5        X Rendering Extension client libra
ii  libxtst6                  4.3.0-5        X Window System event recording an
ii  xbase-clients             4.3.0-5        miscellaneous X clients
ii  xlibs                     4.3.0.dfsg.1-6 X Window System client libraries m
ii  zlib1g                    1:1.2.1-3      compression library - runtime

-- debconf information excluded

--- End Message ---

--- Begin Message ---

To: 274197-done@bugs.debian.org

Subject: Re: under selinux there's access to log files by users which are created by kdm

From: Eckhart Wörner <ewoerner@kde.org>

Date: Sun, 4 Apr 2010 04:49:17 +0200

Message-id: <201004040449.17859.ewoerner@kde.org>
Version: 4:4.3.4-1

The bug you reported has (most likely) been fixed in or before KDE SC 4.3.4
--- End Message ---

Reply to:

Prev by Date: Processed: your mail
Next by Date: Processed: your mail
Previous by thread: Processed: Re: dragonplayer: doesn't play dvd
Next by thread: Processed: Re: akonadi-server claims dbus not active
Index(es):
- Date
- Thread