Bug#274197: under selinux there's access to log files by users which are created by kdm
Package: kdm
Version: 4:3.3.0-1.1
Severity: normal
please could the same be done to kdm as has been done to gdm, namely
that when a user session is started, a different log file is used for
the user session from the one that is created by kdm?
the reason is because in order to allow access to the
kdm-created-log-file, far too many permissions must be granted to users.
namely, the permission to write to ANY files created by kdm must be
granted, for a start.
ta,
l.
On Wed, 2004-09-29 at 18:32 +0200, Thomas Bleher wrote:
> I have a question about access to xdm_t:
> With KDM 3.3 I am seeing a lot of accesses to xdm_t:fd and
> xdm_t:fifo_file from user processes (say user_lpr_t and user_gpg_t)
For Fedora we modified GDM to log the X session errors to
/tmp/xses-$USER.$RANDOM, you could probably do something similar with
KDM.
> Should these be allowed?
> If yes, should xdm_t get the attribute privfd?
I think it'd be better to move the X errors to /tmp. It's more
NFS-homedir friendly anyways.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux highfield 2.6.7-selinux1 #7 Wed Sep 8 17:46:33 BST 2004 i686
Locale: LANG=C, LC_CTYPE=C
Versions of packages kdm depends on:
ii debconf 1.4.25 Debian configuration management sy
ii kdebase-bin 4:3.3.0-1.1 KDE Base (binaries)
ii kdelibs4 4:3.3.0-1.1 KDE core libraries
ii libart-2.0-2 2.3.16-5 Library of functions for 2D graphi
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
ii libfam0c102 2.7.0-5 client library to control the FAM
ii libgcc1 1:3.5-0pre1 GCC support library
ii libice6 4.3.0.dfsg.1-6 Inter-Client Exchange library
ii libidn11 0.5.2-2 GNU libidn library, implementation
ii libncurses5 5.4-3 Shared libraries for terminal hand
ii libpam-runtime 0.77-0.se5 Runtime support for the PAM librar
ii libpam0g 0.77-0.se5 Pluggable Authentication Modules l
ii libpng12-0 1.2.5.0-6 PNG library - runtime
ii libqt3c102-mt 3:3.3.3-4 Qt GUI Library (Threaded runtime v
ii libselinux1 1.16-0.1 SELinux shared libraries
ii libsm6 4.3.0.dfsg.1-6 X Window System Session Management
ii libstdc++5 1:3.3.4-11 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-6 X Window System protocol client li
ii libxext6 4.3.0.dfsg.1-6 X Window System miscellaneous exte
ii libxrender1 0.8.3-5 X Rendering Extension client libra
ii libxtst6 4.3.0-5 X Window System event recording an
ii xbase-clients 4.3.0-5 miscellaneous X clients
ii xlibs 4.3.0.dfsg.1-6 X Window System client libraries m
ii zlib1g 1:1.2.1-3 compression library - runtime
-- debconf information excluded
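
The approach suggested in the thread, giving each user session its own log under /tmp instead of the file kdm opened, shown as an added shell example (not code from kdm, GDM or this report). The function names are hypothetical, and `mktemp` stands in for the `$USER.$RANDOM` suffix so that the file is created exclusively with mode 0600.

```shell
#!/bin/sh
# Added example, not kdm or gdm code. Function names are hypothetical.

# Create a private log file for one user session and print its path.
# $1 = user name, $2 = directory (default /tmp, as in the thread).
make_session_log() {
    msl_user=$1
    msl_dir=${2:-/tmp}
    # Refuse names that would escape the directory or give an odd file name.
    case $msl_user in
        ''|*/*|.*) return 1 ;;
    esac
    # mktemp creates the file exclusively, mode 0600, owned by the caller,
    # so an existing file or symlink with that name is never opened.
    mktemp "$msl_dir/xses-$msl_user.XXXXXX"
}

# Run a session command with stdout and stderr on a fresh per-session log.
# Prints the log path; returns the session's exit status.
# $1 = user, $2 = directory, remaining arguments = session command.
run_session_logged() {
    rsl_user=$1
    rsl_dir=$2
    shift 2
    rsl_log=$(make_session_log "$rsl_user" "$rsl_dir") || return 1
    rsl_status=0
    # Descriptors 1 and 2 are replaced before the session starts, so session
    # processes no longer inherit the display manager's own log on them.
    ( exec >"$rsl_log" 2>&1; exec "$@" ) || rsl_status=$?
    printf '%s\n' "$rsl_log"
    return "$rsl_status"
}
```

In a session start-up script the same redirection would be a plain `exec >"$log" 2>&1` run as the user, before the session command is started.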