[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: GNOME root's logins (looking for feeback)

On Sun, Feb 20, 2011 at 11:45 AM, Camaleón <noelamac@gmail.com> wrote:
> On Sun, 20 Feb 2011 11:31:12 -0500, Tom H wrote:
>> On Sun, Feb 20, 2011 at 10:21 AM, Camaleón wrote:
>>>
>>> I wonder what is the point of forbidding root's GUI logins from GDM
>>> greeter while this can be easily by-passed without editing any
>>> configuration file?
>>
>> Do you mean through the GDM Greeter or by bypassing it with startx?


> With "startx".

OK.


> AFAIK, GDM greeter requires file edition to allow root's logins, but
> that's also possible.

Yes, you have to edit pam and gdm config files, so that's why I asked
about startx.


> So, what (and how) we (or GNOME's policy) want to protect with the
> current behaviour? It sounds like "security through obscurity" which
> makes no good to anyone.

I first noticed this behavior on Ubuntu 9.10 and it coincided with
having xauth tokens in "/var/run/gdm" ("/var/run/gdm3" for Debian). I
presume that this is the reason for this security "problem" and that
it is a GNOME/GDM change rather than a Debian-/Ubuntu-specific one.
Reply to: