
Bug#1095270: marked as done (lightdm: /usr/share/xsessions/lightdm-autologin.desktop error in exec statement)



Your message dated Mon, 01 Sep 2025 07:50:29 +0000
with message-id <E1uszJ7-005kN7-1X@fasolo.debian.org>
and subject line Bug#1094494: fixed in xorg 1:7.7+25
has caused the Debian Bug report #1094494,
regarding lightdm: /usr/share/xsessions/lightdm-autologin.desktop error in exec statement
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1094494: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094494
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: lightdm
Version: 1.32.0-6+b1
Severity: grave
Justification: user security hole
X-Debbugs-Cc: frax@axnet.nu

dist-upgrading Feb 5 2025 using autologin with lightdm with the attached config
in particular setting
  autologin-session=lightdm-autologin
in /etc/lightdm/lightdm.conf

we get the following error:

   Xsession: unable to launch "env AUTOLOGIN=yes /etc/X11/Xsession" X session --- 
   "env AUTOLOGIN=yes /etc/X11/Xsession" not found; falling back to default 

due to the Exec-statement in /usr/share/xsessions/lightdm-autologin.desktop
  Exec=env AUTOLOGIN=yes /etc/X11/Xsession

However, /etc/X11/Xsession will be launched anyway, which is a user security problem / hole
since AUTOLOGIN=yes is not set and the user will not know that it should take height
for the session being an AUTOLOGIN session, e.g. by immediately locking the screen
in case of unattended reboot / start-up, potentially leaving the session wide open
giving access to everybody having physical access to the computer.

The solution would be as simple as fixing /usr/share/xsessions/lightdm-autologin.desktop
to actually export AUTOLOGIN=yes before launching /etc/X11/Xsession,
e.g. by an executable wrapper:

~~~ /etc/X11/Xsession-AUTOLOGIN ~~~
  #!/bin/sh
  AUTOLOGIN=yes
  export AUTOLOGIN
  exec /etc/X11/Xsession
~~~

Setting
  Exec=/etc/X11/Xsession-AUTOLOGIN
in /usr/share/xsessions/lightdm-autologin.desktop


-- System Information:
Debian Release: trixie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.11-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lightdm depends on:
ii  adduser                                3.137
ii  dbus                                   1.16.0-1
ii  debconf [debconf-2.0]                  1.5.89
ii  libaudit1                              1:4.0.2-2+b1
ii  libc6                                  2.40-6
ii  libgcrypt20                            1.11.0-7
ii  libglib2.0-0t64                        2.82.4-2
ii  libpam-systemd [logind]                257.2-3
ii  libpam0g                               1.7.0-2
ii  libxcb1                                1.17.0-2+b1
ii  libxdmcp6                              1:1.1.5-1
ii  lightdm-gtk-greeter [lightdm-greeter]  2.0.9-1

Versions of packages lightdm recommends:
ii  xserver-xorg  1:7.7+24

Versions of packages lightdm suggests:
ii  accountsservice  23.13.9-7
ii  upower           1.90.7-1
ii  xserver-xephyr   2:21.1.15-2

-- Configuration Files:
/etc/lightdm/lightdm.conf changed:
[LightDM]
[Seat:*]
greeter-hide-users=false
greeter-show-manual-login=false
greeter-show-remote-login=false
allow-user-switching=true
display-setup-script=/etc/lightdm/fraxdisplaysetup.sh
autologin-user=frax
autologin-user-timeout=0
autologin-session=lightdm-autologin
[XDMCPServer]
[VNCServer]

/etc/lightdm/users.conf changed:
[UserList]
minimum-uid=1366
hidden-users=nobody nobody4 noaccess
hidden-shells=/bin/false /usr/sbin/nologin

/etc/pam.d/lightdm changed:
auth      requisite pam_nologin.so
session      required pam_env.so readenv=1
session      required pam_env.so readenv=1 envfile=/etc/default/locale
auth	[success=1 default=ignore]	pam_unix.so nullok try_first_pass
auth	requisite			pam_deny.so
auth	required			pam_permit.so
-auth  optional pam_gnome_keyring.so
@include common-account
session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session  required        pam_limits.so
session  required        pam_loginuid.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-session optional        pam_gnome_keyring.so auto_start
@include common-password


-- debconf information:
* shared/default-x-display-manager: lightdm
  lightdm/daemon_name: /usr/sbin/lightdm

--- End Message ---
--- Begin Message ---
Source: xorg
Source-Version: 1:7.7+25
Done: Timo Aaltonen <tjaalton@debian.org>

We believe that the bug you reported is fixed in the latest version of
xorg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1094494@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@debian.org> (supplier of updated xorg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 01 Sep 2025 10:07:30 +0300
Source: xorg
Built-For-Profiles: noudeb
Architecture: source
Version: 1:7.7+25
Distribution: unstable
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Closes: 1094494
Changes:
 xorg (1:7.7+25) unstable; urgency=medium
 .
   [ Jochen Sprickerhof ]
   * 20x11-common_process-args: Only use the first word for command -v
     (Closes: #1094494)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
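
The failure mode from the report and the fix named in the changelog ("Only use the first word for command -v"), modelled as an added example; this is not code from the xorg or lightdm packages. The function names, the `default` token and the `printenv` stand-in for /etc/X11/Xsession are assumptions made so the model runs anywhere.

```shell
#!/bin/sh
# Model of the session-argument check; names and stand-ins are assumptions.

# Constructed stand-in for /etc/X11/Xsession: prints AUTOLOGIN if it is set.
DEFAULT_SESSION="printenv AUTOLOGIN"
# Same shape as the Exec= line in lightdm-autologin.desktop.
EXEC_LINE="env AUTOLOGIN=yes $DEFAULT_SESSION"

# Behaviour from the report: the whole Exec string is looked up as one
# command name, so a string containing arguments is never found.
resolve_whole() {
    if command -v "$1" >/dev/null 2>&1; then
        printf '%s\n' "$1"
    else
        printf 'default\n'
    fi
}

# Behaviour named in the changelog: only the first word goes to command -v.
resolve_first_word() {
    first_word=${1%% *}
    if command -v "$first_word" >/dev/null 2>&1; then
        printf '%s\n' "$1"
    else
        printf 'default\n'
    fi
}

# Start the session chosen by resolver $1 and report what it sees.
launch() {
    startup=$("$1" "$EXEC_LINE")
    if [ "$startup" = default ]; then
        startup=$DEFAULT_SESSION   # silent fallback: the env prefix is lost
    fi
    # Unquoted on purpose: the startup string is split into words.
    ( unset AUTOLOGIN; $startup ) || echo unset
}

echo "whole-string lookup: AUTOLOGIN=$(launch resolve_whole)"
echo "first-word lookup:   AUTOLOGIN=$(launch resolve_first_word)"
```

With the whole-string lookup the session still starts, only without the marker, which is why the fallback goes unnoticed by anything that keys its screen locking on `AUTOLOGIN`.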
