[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#158998: marked as done (kdm: kdm wants to read ~root/.kde)

Your message dated Fri, 05 Mar 2004 16:41:44 +0100
with message-id <87eks7jo7b.fsf@student.kuleuven.ac.be>
and subject line Fixed in KDE 3.2, which just entered unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 31 Aug 2002 14:02:45 +0000
>From russell@coker.com.au Sat Aug 31 09:02:45 2002
Return-path: <russell@coker.com.au>
Received: from tsv.sws.net.au [203.36.46.2] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 17l8po-00025o-00; Sat, 31 Aug 2002 09:02:44 -0500
Received: from lyta.coker.com.au (localhost [127.0.0.1])
	by tsv.sws.net.au (Postfix) with ESMTP
	id 1D03D92466; Sun,  1 Sep 2002 00:02:42 +1000 (EST)
Received: by lyta.coker.com.au (Postfix, from userid 1001)
	id B49883A12; Sat, 31 Aug 2002 16:02:33 +0200 (CEST)
From: <russell@coker.com.au>
Subject: kdm: kdm wants to read ~root/.kde
To: submit@bugs.debian.org
X-Mailer: bug 3.3.10.1
Message-Id: <20020831140233.B49883A12@lyta.coker.com.au>
Date: Sat, 31 Aug 2002 16:02:33 +0200 (CEST)
Delivered-To: submit@bugs.debian.org

Package: kdm
Version: 4:3.0.3-1
Severity: normal

It appears that kdm is getting some of it's configuration data from ~root/.kde.

This is wrong for two reasons, one is that you may want to have root user
configuration different from system configuration, the other is that if you are
serious about security you will probably block kdm from accessing the root home
directory (as I have).

I have included some logs of what kdm is doing (NB they don't log everything as
I have permitted some access).

avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde/share/config dev=03:02 ino=90766 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde/share/config dev=03:02 ino=90766 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2725 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2756 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2756 exe=/usr/bin/kdm_greet path=/root/.kde/share/config dev=03:02 ino=90766 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2756 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2756 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2756 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde/share/config dev=03:02 ino=90766 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde/share/config dev=03:02 ino=90766 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir
avc:  denied  { getattr } for  pid=2794 exe=/usr/bin/kdm_greet path=/root/.kde dev=03:02 ino=86450 scontext=system_u:system_r:xdm_t tcontext=system_u:object_r:sysadm_home_t tclass=dir

-- System Information
Debian Release: testing/unstable
Kernel Version: Linux lyta 2.4.19lsm #1 Sat Aug 24 18:59:35 CEST 2002 i686 unknown unknown GNU/Linux

Versions of the packages kdm depends on:
ii  kdelibs4       3.0.3-1        KDE core libraries
ii  libc6          2.2.5-14       GNU C Library: Shared libraries and Timezone
ii  libpam0g       0.72-35        Pluggable Authentication Modules library
ii  libpng3        1.2.1-3        PNG library - runtime
ii  libqt3-mt      3.0.5-3        Qt GUI Library (Threaded runtime version)
ii  libstdc++2.10- 2.95.4-11      The GNU stdc++ library
ii  xlibs          4.2.0-0pre1v3  X Window System client libraries
ii  zlib1g         1.1.4-3        compression library - runtime

--- Begin /etc/kde3/kdm/Xservers (modified conffile)
:0 local /usr/X11R6/bin/X :0 vt5 -dpi 75

--- End /etc/kde3/kdm/Xservers

---------------------------------------
Received: (at 158998-close) by bugs.debian.org; 5 Mar 2004 15:41:12 +0000
>From dominique.devriese@student.kuleuven.ac.be Fri Mar 05 07:41:12 2004
Return-path: <dominique.devriese@student.kuleuven.ac.be>
Received: from nibbel.kulnet.kuleuven.ac.be [134.58.240.41] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1AzHRn-0003kL-00; Fri, 05 Mar 2004 07:41:11 -0800
Received: from localhost (localhost [127.0.0.1])
	by nibbel.kulnet.kuleuven.ac.be (Postfix) with ESMTP
	id B960E4B861; Fri,  5 Mar 2004 16:40:32 +0100 (CET)
Received: from antonius.kulnet.kuleuven.ac.be (antonius.kulnet.kuleuven.ac.be [134.58.240.73])
	by nibbel.kulnet.kuleuven.ac.be (Postfix) with ESMTP
	id 19FCB4BAC4; Fri,  5 Mar 2004 16:40:32 +0100 (CET)
Received: from appel (domi.kotnet.org [10.0.57.168])
	by antonius.kulnet.kuleuven.ac.be (Postfix) with ESMTP
	id E3F6E4C0D1; Fri,  5 Mar 2004 16:40:31 +0100 (CET)
Received: from domi by appel with local (Exim 3.36 #1 (Debian))
	id 1AzHSK-0002af-00; Fri, 05 Mar 2004 16:41:44 +0100
To: 218673-close@bugs.debian.org, 224890-close@bugs.debian.org,
	229554-close@bugs.debian.org, 233477-close@bugs.debian.org,
	203328-close@bugs.debian.org, 229114-close@bugs.debian.org,
	139800-close@bugs.debian.org, 158998-close@bugs.debian.org,
	163308-close@bugs.debian.org, 164019-close@bugs.debian.org,
	182067-close@bugs.debian.org, 187002-close@bugs.debian.org,
	187610-close@bugs.debian.org, 188151-close@bugs.debian.org,
	190684-close@bugs.debian.org, 195379-close@bugs.debian.org,
	196446-close@bugs.debian.org, 203863-close@bugs.debian.org,
	205652-close@bugs.debian.org, 219566-close@bugs.debian.org,
	220375-close@bugs.debian.org, 222304-close@bugs.debian.org,
	225866-close@bugs.debian.org, 200853-close@bugs.debian.org,
	215287-close@bugs.debian.org, 222627-close@bugs.debian.org,
	172907-close@bugs.debian.org, 199926-close@bugs.debian.org,
	223854-close@bugs.debian.org
Subject: Fixed in KDE 3.2, which just entered unstable
From: Dominique Devriese <dominique.devriese@student.kuleuven.ac.be>
Date: Fri, 05 Mar 2004 16:41:44 +0100
Message-ID: <87eks7jo7b.fsf@student.kuleuven.ac.be>
User-Agent: Gnus/5.1006 (Gnus v5.10.6) XEmacs/21.4 (Security Through
 Obscurity, linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: Dominique Devriese <dominique.devriese@student.kuleuven.ac.be>
X-Virus-Scanned: by KULeuven Antivirus Cluster
Delivered-To: 158998-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_05 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no 
	version=2.60-bugs.debian.org_2004_03_05
X-Spam-Level: 


Closing 29 bugs that have been fixed upstream in KDE 3.2, which was
just uploaded to unstable.

cheers
domi
Reply to: