[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#274197: under selinux there's access to log files by users which are created by kdm

Package: kdm
Version: 4:3.3.0-1.1
Severity: normal

please could the same be done to kdm as has been done to gdm, namely
that when a user session is started, a different log file is used for
the user session from the one that is created by kdm?

the reason is because in order to allow access to the
kdm-created-log-file, far too many permissions must be granted to users.

namely, the permission to write to ANY files created by kdm must be
granted, for a start.



On Wed, 2004-09-29 at 18:32 +0200, Thomas Bleher wrote:
> I have a question about access to xdm_t:
> With KDM 3.3 I am seeing a lot of accesses to xdm_t:fd and
> xdm_t:fifo_file from user processes (say user_lpr_t and user_gpg_t)

For Fedora we modified GDM to log the X session errors to 
/tmp/xses-$USER.$RANDOM, you could probably do something similar with

> Should these be allowed?
> If yes, should xdm_t get the attribute privfd?

I think it'd be better to move the X errors to /tmp.  It's more 
NFS-homedir friendly anyways.

This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.7-selinux1 #7 Wed Sep 8 17:46:33 BST 2004 i686

Versions of packages kdm depends on:
ii  debconf                   1.4.25         Debian configuration management sy
ii  kdebase-bin               4:3.3.0-1.1    KDE Base (binaries)
ii  kdelibs4                  4:3.3.0-1.1    KDE core libraries
ii  libart-2.0-2              2.3.16-5       Library of functions for 2D graphi
ii  libc6                     2.3.2.ds1-16   GNU C Library: Shared libraries an
ii  libfam0c102               2.7.0-5        client library to control the FAM 
ii  libgcc1                   1:3.5-0pre1    GCC support library
ii  libice6                   4.3.0.dfsg.1-6 Inter-Client Exchange library
ii  libidn11                  0.5.2-2        GNU libidn library, implementation
ii  libncurses5               5.4-3          Shared libraries for terminal hand
ii  libpam-runtime            0.77-0.se5     Runtime support for the PAM librar
ii  libpam0g                  0.77-0.se5     Pluggable Authentication Modules l
ii  libpng12-0            PNG library - runtime
ii  libqt3c102-mt             3:3.3.3-4      Qt GUI Library (Threaded runtime v
ii  libselinux1               1.16-0.1       SELinux shared libraries
ii  libsm6                    4.3.0.dfsg.1-6 X Window System Session Management
ii  libstdc++5                1:3.3.4-11     The GNU Standard C++ Library v3
ii  libx11-6                  4.3.0.dfsg.1-6 X Window System protocol client li
ii  libxext6                  4.3.0.dfsg.1-6 X Window System miscellaneous exte
ii  libxrender1               0.8.3-5        X Rendering Extension client libra
ii  libxtst6                  4.3.0-5        X Window System event recording an
ii  xbase-clients             4.3.0-5        miscellaneous X clients
ii  xlibs                     4.3.0.dfsg.1-6 X Window System client libraries m
ii  zlib1g                    1:1.2.1-3      compression library - runtime

-- debconf information excluded

Reply to: