Bug#1095270: marked as done (lightdm: /usr/share/xsessions/lightdm-autologin.desktop error in exec statement)

To: Jeremy Bícha <jbicha@ubuntu.com>
Subject: Bug#1095270: marked as done (lightdm: /usr/share/xsessions/lightdm-autologin.desktop error in exec statement)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 08 Nov 2025 11:33:02 +0000
Message-id: <[🔎] handler.1095270.D1094494.1762601534532408.ackdone@bugs.debian.org>
Reply-to: 1095270@bugs.debian.org
References: <E1vHhAx-00G9Rd-2a@fasolo.debian.org> <173883015955.22563.86960096699681201.reportbug@frax1pad.axnet.nu>

Your message dated Sat, 08 Nov 2025 11:32:11 +0000
with message-id <E1vHhAx-00G9Rd-2a@fasolo.debian.org>
and subject line Bug#1094494: fixed in xorg 1:7.7+24+deb13u1
has caused the Debian Bug report #1094494,
regarding lightdm: /usr/share/xsessions/lightdm-autologin.desktop error in exec statement
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1094494: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094494
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lightdm: /usr/share/xsessions/lightdm-autologin.desktop error in exec statement
From: frax1pad@axnet.nu
Date: Thu, 06 Feb 2025 09:22:39 +0100
Message-id: <173883015955.22563.86960096699681201.reportbug@frax1pad.axnet.nu>

Package: lightdm
Version: 1.32.0-6+b1
Severity: grave
Justification: user security hole
X-Debbugs-Cc: frax@axnet.nu

dist-upgrading Feb 5 2025 using autologin with lightdm with the attached config
in particular setting
  autologin-session=lightdm-autologin
in /etc/lightdm/lightdm.conf

we get the following error:

   Xsession: unable to launch "env AUTOLOGIN=yes /etc/X11/Xsession" X session --- 
   "env AUTOLOGIN=yes /etc/X11/Xsession" not found; falling back to default 

due to the Exec-statement in /usr/share/xsessions/lightdm-autologin.desktop
  Exec=env AUTOLOGIN=yes /etc/X11/Xsession

However, /etc/X11/Xsession will be launced anyway wich is a user security problem / hole
since AUTOLOGIN=yes is not set and the user will not know that it should take height
for the session being an AUTOLOGIN session, e.g. by immediately locking the screen
in case of unattended reboot / start-up, potentially leaving the session wide open
giving access to everybody having physical access to the computer.

The soloution would be as simple as fixing /usr/share/xsessions/lightdm-autologin.desktop
to actually exporting AUTOLOGIN=yes before launching /etc/X11/Xsession,
e.g. by an executable wrapper:

~~~ /etc/X11/Xsession-AUTOLOGIN ~~~
  #!/bin/sh
  AUTOLOGIN=yes
  export AUTOLOGIN
  exec /etc/X11/Xsession
~~~

Setting
  Exec=/etc/X11/Xsession-AUTOLOGIN
in /usr/share/xsessions/lightdm-autologin.desktop


-- System Information:
Debian Release: trixie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.11-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages lightdm depends on:
ii  adduser                                3.137
ii  dbus                                   1.16.0-1
ii  debconf [debconf-2.0]                  1.5.89
ii  libaudit1                              1:4.0.2-2+b1
ii  libc6                                  2.40-6
ii  libgcrypt20                            1.11.0-7
ii  libglib2.0-0t64                        2.82.4-2
ii  libpam-systemd [logind]                257.2-3
ii  libpam0g                               1.7.0-2
ii  libxcb1                                1.17.0-2+b1
ii  libxdmcp6                              1:1.1.5-1
ii  lightdm-gtk-greeter [lightdm-greeter]  2.0.9-1

Versions of packages lightdm recommends:
ii  xserver-xorg  1:7.7+24

Versions of packages lightdm suggests:
ii  accountsservice  23.13.9-7
ii  upower           1.90.7-1
ii  xserver-xephyr   2:21.1.15-2

-- Configuration Files:
/etc/lightdm/lightdm.conf changed:
[LightDM]
[Seat:*]
greeter-hide-users=false
greeter-show-manual-login=false
greeter-show-remote-login=false
allow-user-switching=true
display-setup-script=/etc/lightdm/fraxdisplaysetup.sh
autologin-user=frax
autologin-user-timeout=0
autologin-session=lightdm-autologin
[XDMCPServer]
[VNCServer]

/etc/lightdm/users.conf changed:
[UserList]
minimum-uid=1366
hidden-users=nobody nobody4 noaccess
hidden-shells=/bin/false /usr/sbin/nologin

/etc/pam.d/lightdm changed:
auth      requisite pam_nologin.so
session      required pam_env.so readenv=1
session      required pam_env.so readenv=1 envfile=/etc/default/locale
auth	[success=1 default=ignore]	pam_unix.so nullok try_first_pass
auth	requisite			pam_deny.so
auth	required			pam_permit.so
-auth  optional pam_gnome_keyring.so
@include common-account
session  [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session  required        pam_limits.so
session  required        pam_loginuid.so
@include common-session
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
-session optional        pam_gnome_keyring.so auto_start
@include common-password


-- debconf information:
* shared/default-x-display-manager: lightdm
  lightdm/daemon_name: /usr/sbin/lightdm

--- End Message ---

--- Begin Message ---

To: 1094494-close@bugs.debian.org
Subject: Bug#1094494: fixed in xorg 1:7.7+24+deb13u1
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 08 Nov 2025 11:32:11 +0000
Message-id: <E1vHhAx-00G9Rd-2a@fasolo.debian.org>
Reply-to: Jeremy Bícha <jbicha@ubuntu.com>

Source: xorg
Source-Version: 1:7.7+24+deb13u1
Done: Jeremy Bícha <jbicha@ubuntu.com>

We believe that the bug you reported is fixed in the latest version of
xorg, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1094494@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bícha <jbicha@ubuntu.com> (supplier of updated xorg package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 07 Nov 2025 14:43:44 -0500
Source: xorg
Built-For-Profiles: noudeb
Architecture: source
Version: 1:7.7+24+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Debian X Strike Force <debian-x@lists.debian.org>
Changed-By: Jeremy Bícha <jbicha@ubuntu.com>
Closes: 1094494
Changes:
 xorg (1:7.7+24+deb13u1) trixie; urgency=medium
 .
   * Team upload
 .
   [ Jochen Sprickerhof ]
   * 20x11-common_process-args: Only use the first word for command -v
     (Closes: #1094494)
Checksums-Sha1:
 f4568c693e7242c87bb29bb98f4422e759e78f24 2002 xorg_7.7+24+deb13u1.dsc
 d859f4c609cdffe6911691fec3cffa730951ee03 234192 xorg_7.7+24+deb13u1.tar.xz
 222652efd51f30dbe88278850f8190045b47b395 7186 xorg_7.7+24+deb13u1_source.buildinfo
Checksums-Sha256:
 9774f8e48f9883d6ac7e907bc58c7f9b8e4899f8f16a0749d9e65951c0fbe9da 2002 xorg_7.7+24+deb13u1.dsc
 e08f0221d87683d1caa73fc07788c95aa81b2c86842ff1b55b6f24dfd378659a 234192 xorg_7.7+24+deb13u1.tar.xz
 9b34799faf349eaf22c8c792c435f2f2452621fe8fbb5fcde2f73f6d43cfb018 7186 xorg_7.7+24+deb13u1_source.buildinfo
Files:
 bab7fcfa281976601f40d86cbc4c2740 2002 x11 optional xorg_7.7+24+deb13u1.dsc
 8942351825568445784608991cce9ccb 234192 x11 optional xorg_7.7+24+deb13u1.tar.xz
 698d7775ca3e64490b05b8cfc1013eaf 7186 x11 optional xorg_7.7+24+deb13u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEETQvhLw5HdtiqzpaW5mx3Wuv+bH0FAmkOTkQACgkQ5mx3Wuv+
bH2v5g/+LpMV5hojXct4BJZdcu+WmdeKUxh7dMRMPyXMDNPEsOKMXRC5+hkLb1fx
7U7kcO5mAhLXo32worhuLgqIw4muDYa2GrJu+7ZkS31N8jNeicGQKsbjnBPGN5Y8
N1ZgmL3cqqEqZ+q3nBHUNGbm27+8vJAgGn1iU4e2HB81RlarWENNpHwHI4tasZZ5
9fEykQv+U4IU8XgomK1nzBwhFUpasIgCAgbr+FP0+PhnXrvsohrA8CORXzpedBDA
JNOIbvOXDXiMCpFf7AQ5LR0456q1iai2rxvRLw4KWvGqdOXwD3/cnMn9ICnCUcmY
tFBtj+fLFPb5FHLNLy45ZomKyqWhhq/Z8ijEI9I8NfJ8AZxW6dSH3vDrWEXVTzBj
2Y8jRnAZvBgdTfOyyvNAItTjiamQcojGPrwBUQoVrUaJA5G7byKcxs6SxGz1q1aZ
XKIc6EozvvY52f7IEYMFkqx3rbvznRt9LS/7sglbbnGx05nY+LKQlACW7cjbIeH2
JjouD7WGdIP1rG0BrhQOdIbf2F7ZEseE9yr3RzoWk2TPYqilK2dmDI2ih3J9kmWz
oCwDRH+kU0YhKkRqmtpuZZiMxUaLzDPnQFc/id1JhM+Zcqu5Y4pvt8rueyYWSg5N
R16KERFjVE+MIcAINoxwhz3AAGT6P6dKULRhpEd/xvgMB0hn53U=
=q6TJ
-----END PGP SIGNATURE-----

Attachment: pgpLqYk9lPmus.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: Bug#1094494: marked as done (xorg-common: 20x11-common_process-args: fails on xsession executable with args)
Next by Date: Bug#1120388: XvGetStill.3: Some remarks and a patch with editorial changes for this man page
Previous by thread: Bug#1094494: marked as done (xorg-common: 20x11-common_process-args: fails on xsession executable with args)
Next by thread: Bug#1120388: XvGetStill.3: Some remarks and a patch with editorial changes for this man page
Index(es):
- Date
- Thread