Bug#442088: xdm: with "xlogin.Login.allowRootLogin: false" root can login

To: "Debian Bug Tracking System" <submit@bugs.debian.org>
Subject: Bug#442088: xdm: with "xlogin.Login.allowRootLogin: false" root can login
From: "Joaquín Martínez" <jmbouzas@gmail.com>
Date: Wed, 12 Sep 2007 22:49:16 -0300
Message-id: <[🔎] 77c60b980709121849m26024cbfmf61ef53389a7e558@mail.gmail.com>
Reply-to: "Joaquín Martínez" <jmbouzas@gmail.com>, 442088@bugs.debian.org

Package: xdm
Version: 1:1.1.6-2
Severity: normal



-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.23-rc6c0
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages xdm depends on:
ii  cpp                         4:4.1.2-9    The GNU C preprocessor (cpp)
ii  debconf [debconf-2.0]       1.5.14       Debian configuration management sy
ii  libc6                       2.6.1-1+b1   GNU C Library: Shared libraries
ii  libfontconfig1              2.4.2-1.2    generic font configuration library
ii  libice6                     2:1.0.4-1    X11 Inter-Client Exchange library
ii  libpam0g                    0.99.7.1-4   Pluggable Authentication Modules l
ii  libselinux1                 2.0.15-2+b1  SELinux shared libraries

ii  libsm6                      2:1.0.3-1+b1 X11 Session Management library
ii  libx11-6                    2:1.0.3-7    X11 client-side library
ii  libxau6                     1:1.0.3-2    X11 authorisation library
ii  libxaw7                     2:1.0.4-1    X11 Athena Widget library
ii  libxdmcp6                   1:1.0.2-2    X11 Display Manager Control Protoc
ii  libxext6                    1:1.0.3-2    X11 miscellaneous extension librar
ii  libxft2                     2.1.12-2     FreeType-based font drawing librar
ii  libxinerama1                1:1.0.2-1    X11 Xinerama extension library
ii  libxmu6                     1:1.0.3-1    X11 miscellaneous utility library
ii  libxpm4                     1:3.5.7-1    X11 pixmap library
ii  libxrender1                 1:0.9.3-1    X Rendering Extension client libra
ii  libxt6                      1:1.0.5-3    X11 toolkit intrinsics library
ii  lsb-base                    3.1-24       Linux Standard Base 3.1 init scrip
ii  x11-common                  1:7.2-5      X Window System (X.Org) infrastruc
ii  xbase-clients               1:7.2.ds2-2  miscellaneous X clients

xdm recommends no packages.

-- debconf-show failed

<above the emacs debian-bug command output>

The exact and complete text of any error messages printed or logged:
Any message showed when login
/var/log/auth.log
Sep 12 22:05:26 camelia : pam_unix(xdm:session): session opened for
user root by root(uid=0)
Sep 12 22:05:28 camelia : pam_unix(xdm:session): session closed for user root

(Xserver killed as soo as started, that is why are only  2 seconds
between messages)


A description of the incorrect behaviour: exactly what behaviour
you were expecting, and what you observed.

even with the xlogin.Login.allowRootLogin: false in
/etc/X11/xdm/Xresources root is allowed to login.
I were expecting that  he were not.


Suggested fix:
I do not know  the internal mechanics why it do not work, my workaround was
to add the following lins to the
/etc/pam.d/xdm

# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
auth       requisite  pam_securetty.so

and only write console in /etc/securetty




Thank you for your work and time.


Best regards

Reply to:

Prev by Date: Bug#164379: Don't miss these Piaget and Omega promotions.
Next by Date: Bug#226048: fahkcalb
Previous by thread: Bug#164379: Don't miss these Piaget and Omega promotions.
Next by thread: Bug#226048: fahkcalb
Index(es):
- Date
- Thread