[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Etch Vers. 4.0r0, Problema con gdm.

Hola amig@s:
Acabo de enviar el mensaje que acontinuacion pego a la direccion de correo: submit@bugs.debian.org, informando sobre un fallo de seguridad en el programa o la configuacion de gdm, para la actual version estable, la 4.0r0... Etch. 

Acontinuacion pego el mesaje que he enviado:

--copy&paste:

Subject: gdm... important local bug.

Package: <gdm>
Version: <2.16.4-1>
Severity: <important>

# which gdm
/usr/sbin/gdm

# type gdm
gdm is /usr/sbin/gdm

# dpkg --search /usr/sbin/gdm
gdm: /usr/sbin/gdm

# dpkg --list gdm
Desired=Unknown/Install/Remove/Purge/Hold
| Estado=No/Instalado/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err:
mayúsc.=malo)
||/ Nombre                    Versión                  Descripción
+++-=========================-=========================-==================================================================
ii  gdm                       2.16.4-1                  GNOME Display
Manager

# dpkg --status gdm
Package: gdm
Status: install ok installed
Priority: optional
Section: gnome
Installed-Size: 11296
Maintainer: Ryan Murray <rmurray@debian.org>
Architecture: i386
Version: 2.16.4-1
Provides: x-display-manager
Depends: adduser, debconf-2.0, libart-2.0-2 (>= 2.3.16), libatk1.0-0 (>=
1.12.2), libattr1 (>= 2.4.4-1), libc6 (>= 2.3.6-6), libcairo2 (>=
1.2.4), libdmx1, libfontconfig1 (>= 2.4.0), libglade2-0 (>= 1:2.5.1),
libglib2.0-0 (>= 2.12.0), libgnomecanvas2-0 (>= 2.11.1), libgtk2.0-0 (>=
2.8.0), libpam0g (>= 0.76), libpango1.0-0 (>= 1.14.8), libpopt0 (>=
1.10), librsvg2-2 (>= 2.12.7), libselinux1 (>= 1.32), libwrap0,
libx11-6, libxau6, libxcursor1 (>> 1.1.2), libxdmcp6, libxext6,
libxfixes3 (>= 1:4.0.1), libxi6, libxinerama1, libxml2 (>= 2.6.27),
libxrandr2, libxrender1, libpam-modules (>= 0.72-1), libpam-runtime (>=
0.76-13.1), gnome-session | xterm | x-window-manager |
x-terminal-emulator, xbase-clients, gksu (>= 1.0.7), lsb-base (>=
3.0-10), librsvg2-common
Recommends: whiptail | dialog, zenity, gdm-themes
Suggests: locales, apmd, msttcorefonts
Conffiles:
 /etc/pam.d/gdm 7c441888528aa8bf6ccef2302ac5d708
 /etc/pam.d/gdm-autologin 1a86fbd78b2b0ba1073d96defb293242
 /etc/gdm/Init/Default 6cee040417062a88d833c4be0bb188a1
 /etc/gdm/PreSession/Default 53ace09187c75f3d874837f59cd31ac4
 /etc/gdm/PostSession/Default 65f4f2dbbd52573265d5340fe51a874f
 /etc/gdm/gdm.conf 5923b0438b5db678f22531ab1d67588b
 /etc/gdm/XKeepsCrashing af0752b3a3de9b9f27bbe792d8199ac8
 /etc/gdm/PostLogin/Default.sample 2c3d901312c1bc31997ba6ba53b5f18a
 /etc/gdm/modules/AccessKeyMouseEvents 222158731a75330ebe2b3968b45f51fd
 /etc/gdm/modules/factory-AccessKeyMouseEvents
222158731a75330ebe2b3968b45f51fd
 /etc/gdm/modules/AccessDwellMouseEvents 06b7d07fca6d9996f6c151491304d2ed
 /etc/gdm/modules/factory-AccessDwellMouseEvents
06b7d07fca6d9996f6c151491304d2ed
 /etc/gdm/locale.conf 3a304ecef65088df6457a8443b2acee7
 /etc/gdm/Xsession a8317ffba20ae153a795349a9dadef49
 /etc/init.d/gdm a104c5978191f6c362ab77a08a1c41d7
Description: GNOME Display Manager
 gdm provides the equivalent of a "login:" prompt for X displays- it
 pops up a login window and starts an X session.
 .
 It provides all the functionality of xdm, including XDMCP support for
 managing remote displays.
 .
 The greeting window is written using the GNOME libraries and hence
 looks like a GNOME application- even to the extent of supporting
 themes! By default, the greeter is run as an unprivileged user for
 security.

--

Hello, my name is Jose Maria Avendaño Cabezas, I am from España, sorry
but I speak and write English very very bad.

This is a informe about local bug discovery in the new Debian Gnu+Linux
vers. 4.0, Etch install in my computer today 2007 04 09.

Bug description:

Power on my computer... Ok.
Load the system... Ok.
Load gdm... Ok.

Introducin my nick... Ok.
Introducin my password... Ok.

Load gnome... Ok.
... run some aplications... Ok.
Logout whit "change the user"... Ok.

Load gdm again... Ok.

And now I typing: Control+Alt+F7

Then I can introducin in my system whitout password!!!


More details...

The configuration of gdm is the configuration of the system by default.

# uname -a
Linux wasaby 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686 GNU/Linux

# dpkg -l libc6
Desired=Unknown/Install/Remove/Purge/Hold
| Estado=No/Instalado/Config-files/Unpacked/Failed-config/Half-installed
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err:
mayúsc.=malo)
||/ Nombre                    Versión                  Descripción
+++-=========================-=========================-==================================================================
ii  libc6                     2.3.6.ds1-13              GNU C Library:
Shared libraries


And nothin more about this bug.

Thankyou for all developers of Debian GNU+Linux, the best software-libre
proyect in the world.

jac.


--End copy&paste.
Tambien he enviado una copia al mantenedor del paquete, la direccion de Ryan Murray que aparece al hacer dpkg --status gmd.
Es la primera vez que informo de un fallo de seguridad y creo que lo he echo bien, pero no estoy seguro, ya me direis algo.
Espero que se arregle lo antes posible, mi secretaria ya sabe como puede acceder al sistema sin necesidad de logearse. ;-) 

Salud!!!

jac.
Reply to: