
Bug#578928: marked as done (gdm3: gives shell-access as user Debian-gdm to everyone)



Your message dated Fri, 23 Apr 2010 19:58:43 +0200
with message-id <1272045523.28986.2.camel@tomoyo>
and subject line Re: Bug#578928: gdm3: gives shell-access as user Debian-gdm to everyone
has caused the Debian Bug report #578928,
regarding gdm3: gives shell-access as user Debian-gdm to everyone
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
578928: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578928
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: gdm3
Version: 2.30.0-2
Severity: grave
Tags: security
Justification: user security hole

If I enable the screen-reader in the login manager, a gnome-terminal window is
opened. There everyone can get shell access as user Debian-gdm by creating a
new profile.

The following processes are running:

gnome-terminal -x /usr/bin/orca --no-setup --disable main-window --disable magnifier --enable speech
/usr/bin/python -c import orca.orca; orca.orca.main() --no-setup --disable main-window --disable magnifier --enable speech

After enabling and disabling the screen reader several times,
the gnome-terminal window disappears immediately each time. Only the python
process keeps running. This behaviour continues until gdm3 is restarted.


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages gdm3 depends on:
ii  adduser                 3.112            add and remove users and groups
ii  debconf [debconf-2.0]   1.5.32           Debian configuration management sy
ii  gconf2                  2.28.1-3         GNOME configuration database syste
ii  gnome-session [x-sessio 2.30.0-1         The GNOME Session Manager - GNOME 
ii  gnome-session-bin       2.30.0-1         The GNOME Session Manager - Minima
ii  gnome-terminal [x-termi 2.30.0-1         The GNOME terminal emulator applic
ii  kde-window-manager [x-w 4:4.3.4-5+b1     the KDE 4 window manager (KWin)
ii  konsole [x-terminal-emu 4:4.3.4-1        X terminal emulator for KDE 4
ii  libart-2.0-2            2.3.20-2         Library of functions for 2D graphi
ii  libatk1.0-0             1.30.0-1         The ATK accessibility toolkit
ii  libattr1                1:2.4.44-1       Extended attribute shared library
ii  libaudit0               1.7.13-1+b1      Dynamic library for security audit
ii  libbonobo2-0            2.24.3-1         Bonobo CORBA interfaces library
ii  libbonoboui2-0          2.24.3-1         The Bonobo UI library
ii  libc6                   2.10.2-6         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-4         The Cairo 2D vector graphics libra
ii  libcanberra-gtk0        0.22-1           Gtk+ helper for playing widget eve
ii  libcanberra0            0.22-1           a simple abstract interface for pl
ii  libdbus-1-3             1.2.24-1         simple interprocess messaging syst
ii  libdbus-glib-1-2        0.86-1           simple interprocess messaging syst
ii  libdevkit-power-gobject 1:0.9.2-1        abstraction for power management -
ii  libfontconfig1          2.8.0-2          generic font configuration library
ii  libfreetype6            2.3.11-1         FreeType 2 font engine, shared lib
ii  libgconf2-4             2.28.1-3         GNOME configuration database syste
ii  libglib2.0-0            2.24.0-1         The GLib library of C routines
ii  libgnome2-0             2.30.0-1         The GNOME library - runtime files
ii  libgnomecanvas2-0       2.30.1-1         A powerful object-oriented display
ii  libgtk2.0-0             2.20.0-3         The GTK+ graphical user interface 
ii  liborbit2               1:2.14.18-0.1    libraries for ORBit2 - a CORBA ORB
ii  libpam-modules          1.1.1-2          Pluggable Authentication Modules f
ii  libpam-runtime          1.1.1-2          Runtime support for the PAM librar
ii  libpam0g                1.1.1-2          Pluggable Authentication Modules l
ii  libpanel-applet2-0      2.28.0-3         library for GNOME Panel applets
ii  libpango1.0-0           1.28.0-1         Layout and rendering of internatio
ii  libpolkit-gobject-1-0   0.96-2           PolicyKit Authorization API
ii  libpolkit-gtk-1-0       0.96-2           PolicyKit GTK+ API
ii  libpopt0                1.15-1           lib for parsing cmdline parameters
ii  librsvg2-common         2.26.2-1         SAX-based renderer library for SVG
ii  libselinux1             2.0.94-1         SELinux runtime shared libraries
ii  libwrap0                7.6.q-18         Wietse Venema's TCP wrappers libra
ii  libx11-6                2:1.3.3-3        X11 client-side library
ii  libxau6                 1:1.0.5-2        X11 authorisation library
ii  libxdmcp6               1:1.0.3-2        X11 Display Manager Control Protoc
ii  libxklavier16           5.0-2            X Keyboard Extension high-level AP
ii  libxml2                 2.7.7.dfsg-2     GNOME XML library
ii  lsb-base                3.2-23.1         Linux Standard Base 3.2 init scrip
ii  metacity [x-window-mana 1:2.30.1-1       lightweight GTK+ window manager
ii  policykit-1-gnome       0.96-2           GNOME authentication agent for Pol
ii  upower                  0.9.2-1          abstraction for power management
ii  xfwm4 [x-window-manager 4.6.1-1          window manager of the Xfce project
ii  xterm [x-terminal-emula 256-1            X terminal emulator
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages gdm3 recommends:
ii  at-spi                     1.30.0-2      Assistive Technology Service Provi
ii  gnome-icon-theme           2.30.1-1      GNOME Desktop icon theme
ii  gnome-power-manager        2.30.0-1      power management tool for the GNOM
ii  gnome-settings-daemon      2.28.1-3      daemon handling the GNOME session 
ii  xnest                      2:1.7.6.901-3 Nested X server
ii  xserver-xephyr             2:1.7.6.901-3 nested X server
ii  xserver-xorg               1:7.5+5       the X.Org X server
ii  zenity                     2.30.0-1      Display graphical dialog boxes fro

Versions of packages gdm3 suggests:
ii  gnome-mag                     1:0.15.9-1 a screen magnifier for the GNOME d
ii  gnome-orca                    2.30.0-1   Scriptable screen reader
ii  libpam-gnome-keyring          2.30.0-2   PAM module to unlock the GNOME key





--- End Message ---
--- Begin Message ---
reassign 578928 gnome-orca
fixed 578928 2.30.0-2
thanks

On Friday 23 April 2010 at 18:20 +0200, Johann Felix Soden wrote:
> If I enable the screen-reader in the login manager, a gnome-terminal window is
> opened. There everyone can get shell access as user Debian-gdm by creating a
> new profile.

Thanks for the report. It was a problem in orca rather than gdm3 itself,
and I have uploaded a fixed version.

-- 
 .''`.      Josselin Mouette
: :' :
`. `'  “If you behave this way because you are blackmailed by someone,
  `-    […] I will see what I can do for you.”  -- Jörg Schilling



--- End Message ---
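
A check an administrator could run for the condition described in this report, as an added example that is not part of the original messages or of the gdm3 or orca packages: it parses `ps -eo user:32,pid,args` output and flags terminal emulators or shells owned by the greeter account. The terminal and shell name sets, the PIDs and the sample listing are constructed assumptions; only the two orca command lines are taken from the report.

```python
# Assumed names of programs that give, or are, an interactive shell.
TERMINALS = {"gnome-terminal", "konsole", "xterm", "x-terminal-emulator"}
SHELLS = {"sh", "bash", "dash", "zsh"}

# Constructed sample of `ps -eo user:32,pid,args` output. PIDs and the
# non-orca lines are made up; the orca command lines come from the report.
SAMPLE_PS = """\
USER        PID COMMAND
root        812 gdm3
Debian-gdm 1301 metacity
Debian-gdm 1377 gnome-terminal -x /usr/bin/orca --no-setup --disable main-window --disable magnifier --enable speech
Debian-gdm 1380 /usr/bin/python -c import orca.orca; orca.orca.main() --no-setup --disable main-window --disable magnifier --enable speech
Debian-gdm 1402 bash
alice      2050 gnome-terminal
"""


def risky_greeter_processes(ps_output, greeter_user="Debian-gdm"):
    """Return (pid, program, kind, wrapped) for greeter-owned terminals/shells.

    Use the user:32 column width: plain `ps -o user` truncates the
    10-character account name and an exact match would then miss it.
    """
    findings = []
    for line in ps_output.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or fields[0] != greeter_user or not fields[1].isdigit():
            continue  # header, malformed line, or another account
        argv = fields[2].split()
        program = argv[0].rsplit("/", 1)[-1].lstrip("-")  # "-bash" = login shell
        wrapped = None
        if program in TERMINALS:
            kind = "terminal"
            # -x/-e names the wrapped program; in the report the shell came
            # from the terminal's own profile UI, not from that program.
            for flag in ("-x", "-e"):
                if flag in argv[1:-1]:
                    wrapped = argv[argv.index(flag, 1) + 1]
                    break
        elif program in SHELLS:
            kind = "shell"
        else:
            continue
        findings.append((int(fields[1]), program, kind, wrapped))
    return findings


if __name__ == "__main__":
    for finding in risky_greeter_processes(SAMPLE_PS):
        print(finding)
```
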
