[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#52612: marked as done (login.app: should use xauth not xhost)

Your message dated Sat, 08 Oct 2005 21:37:23 +0200
with message-id <87zmpjn6ks.fsf@diziet.irb.hr>
and subject line Removed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at submit) by bugs.debian.org; 13 Dec 1999 10:34:24 +0000
Received: (qmail 11584 invoked from network); 13 Dec 1999 10:34:22 -0000
Received: from tonelli.sns.it (
  by master.debian.org with SMTP; 13 Dec 1999 10:34:22 -0000
Received: from sysman by Tonelli.sns.it with local (Exim 2.05 #1 (Debian))
	id 11xSoA-0000Bb-00; Mon, 13 Dec 1999 11:34:22 +0100
From: debian@Tonelli.sns.it
Subject: login.app: should use  xauth   not   xhost
To: submit@bugs.debian.org
X-Mailer: bug 3.2.7
Message-Id: <E11xSoA-0000Bb-00@Tonelli.sns.it>
Sender: A Mennucc1 <sysman@Tonelli.sns.it>
Date: Mon, 13 Dec 1999 11:34:22 +0100

Package: login.app
Version: 1.2.1-5
Severity: critical


I found out that login.app  doesnt provide a xauth entry,
but it instead opens up access to the whole localhost , using xhost

this opens up many security problems: when root is working on console,
anybody on the localhost will be able to audit what s/he is doing

also, btw,  login.app  doesnt fit well in Debian:
indeed, it doesnt use the sysv  /etc/init.d  scheme
(so, it is not possible to disable it at will, to try another 
manager like  xdm)

thanks for your attention

-- System Information
Debian Release: potato
Kernel Version: Linux Tonelli 2.2.13 #1 Tue Oct 26 14:00:17 EST 1999 i586 unknown

Versions of the packages login.app depends on:
ii  libc6           2.1.2-5        GNU C Library: Shared libraries and timezone
ii  libstdc++2.9    2.91.66-0slink The GNU stdc++ library (egcs version)
ii  xbase-clients    miscellaneous X clients
ii  xlib6g          3.3.5-1        shared libraries required by X clients
ii  xpm4g           3.4k-2         the X PixMap library
xserver-vga16	Not installed or no info
ii  xserver-svga    X server for SVGA graphics cards
	^^^ (Provides virtual package xserver)
Received: (at 52612-done) by bugs.debian.org; 8 Oct 2005 19:37:14 +0000
>From mvela@irb.hr Sat Oct 08 12:37:14 2005
Return-path: <mvela@irb.hr>
Received: from mail.irb.hr [] (UNKNOWN)
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1EOKVN-0007ut-00; Sat, 08 Oct 2005 12:37:14 -0700
Received: from diziet.irb.hr (diziet.irb.hr [])
	by mail.irb.hr (8.13.3/8.13.3/Debian-6) with ESMTP id j98Jb864020204;
	Sat, 8 Oct 2005 21:37:08 +0200
Received: from diziet.irb.hr (localhost [])
	by diziet.irb.hr (8.13.5/8.13.5/Debian-2) with ESMTP id j98JbNQe021979;
	Sat, 8 Oct 2005 21:37:23 +0200
Received: (from mvela@localhost)
	by diziet.irb.hr (8.13.5/8.13.5/Submit) id j98JbNjf021977;
	Sat, 8 Oct 2005 21:37:23 +0200
X-Authentication-Warning: diziet.irb.hr: mvela set sender to mvela@irb.hr using -f
From: Matej Vela <vela@debian.org>
To: 44372-done@bugs.debian.org, 52612-done@bugs.debian.org,
        53718-done@bugs.debian.org, 64572-done@bugs.debian.org,
        68979-done@bugs.debian.org, 94687-done@bugs.debian.org,
        144799-done@bugs.debian.org, 171182-done@bugs.debian.org,
        171183-done@bugs.debian.org, 198342-done@bugs.debian.org,
        256350-done@bugs.debian.org, 263018-done@bugs.debian.org,
        276137-done@bugs.debian.org, 295783-done@bugs.debian.org,
Subject: Removed
Date: Sat, 08 Oct 2005 21:37:23 +0200
Message-ID: <87zmpjn6ks.fsf@diziet.irb.hr>
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Scanned-By: MIMEDefang 2.51 on
Delivered-To: 52612-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-2.0 required=4.0 tests=BAYES_00,ONEWORD autolearn=no 
X-CrossAssassin-Score: 11


Login.app has now been removed from Debian due to upstream inactivity.
Please see <http://bugs.debian.org/256681> for details.



Reply to: