Bug#259173: marked as done (gdm: SecureSystemMenu is either too secure or too insecure)

Debian Bug Tracking System owner@bugs.debian.org
Tue, 13 Jul 2004 03:18:11 -0700


Your message dated Tue, 13 Jul 2004 03:10:00 -0700
with message-id <20040713101000.GT28843@cyberhqz.com>
and subject line Bug#259173: gdm: SecureSystemMenu is either too secure or too insecure
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Michael Piefel <piefel@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: gdm: SecureSystemMenu is either too secure or too insecure
X-Mailer: reportbug 2.63
Date: Tue, 13 Jul 2004 11:39:21 +0200

Package: gdm
Version: 2.6.0.3-1
Severity: important
Tags: security

gdm has a System Menu which offers options such as "Shut down the
computer" and "Edit gdm options". Using gdm.conf's SecureSystemMenu
setting, this menu either requests the root password or it doesn't.

This leads to the unfortunate situation where either:
- Any user has to enter the root password to shut down the computer.
  IOW, they cannot, because I won't give them the password. They can cut
  the power, but that isn't good.
- Any user can change all of gdm's settings, including auto-login for a
  certain user and such. This opens a wide security hole.

At home (older gdm version) the settings menu requires a password,
shutting down doesn't. That's the way it should be. If shutting down has
to be protected by a password, this has to be a separate option.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.5-1-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8

Versions of packages gdm depends on:
ii  adduser                   3.57           Add and remove users and groups
ii  debconf                   1.4.29         Debian configuration management sy
ii  dpkg                      1.10.22        Package maintenance system for Deb
ii  gksu                      1.2.0-2        graphical frontend to su
ii  gnome-session             2.6.2-3        The GNOME 2 Session Manager
ii  gnome-terminal [x-termina 2.6.1-4        The GNOME 2 terminal emulator appl
ii  libart-2.0-2              2.3.16-5       Library of functions for 2D graphi
ii  libatk1.0-0               1.6.1-2        The ATK accessibility toolkit
ii  libattr1                  2.4.16-1       Extended attribute shared library
ii  libbonobo2-0              2.6.2-4        Bonobo CORBA interfaces library
ii  libbonoboui2-0            2.6.1-1        The Bonobo UI library
ii  libc6                     2.3.2.ds1-13   GNU C Library: Shared libraries an
ii  libgconf2-4               2.6.2-1        GNOME configuration database syste
ii  libglade2-0               1:2.4.0-1      Library to load .glade files at ru
ii  libglib2.0-0              2.4.2-1        The GLib library of C routines
ii  libgnome2-0               2.6.1-8        The GNOME 2 library - runtime file
ii  libgnomecanvas2-0         2.6.1.1-2      A powerful object-oriented display
ii  libgnomeui-0              2.6.1.1-3      The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0            2.6.1.1-4      The GNOME virtual file-system libr
ii  libgtk2.0-0               2.4.3-3        The GTK+ graphical user interface 
ii  libice6                   4.3.0.dfsg.1-6 Inter-Client Exchange library
ii  liborbit2                 1:2.10.2-1.1   libraries for ORBit2 - a CORBA ORB
ii  libpam-modules            0.76-22        Pluggable Authentication Modules f
ii  libpam-runtime            0.76-22        Runtime support for the PAM librar
ii  libpam0g                  0.76-22        Pluggable Authentication Modules l
ii  libpango1.0-0             1.4.0-4        Layout and rendering of internatio
ii  libpopt0                  1.7-4          lib for parsing cmdline parameters
ii  librsvg2-2                2.7.2-2        SAX-based renderer library for SVG
ii  libselinux1               1.14-1         SELinux shared libraries
ii  libsm6                    4.3.0.dfsg.1-6 X Window System Session Management
ii  libwrap0                  7.6.dbs-4      Wietse Venema's TCP wrappers libra
ii  libx11-6                  4.3.0.dfsg.1-6 X Window System protocol client li
ii  libxext6                  4.3.0.dfsg.1-6 X Window System miscellaneous exte
ii  libxml2                   2.6.10-3       GNOME XML library
ii  metacity [x-window-manage 1:2.8.1-3      A lightweight GTK2 based Window Ma
ii  rxvt [x-terminal-emulator 1:2.6.4-6      VT102 terminal emulator for the X 
ii  twm [x-window-manager]    4.3.0.dfsg.1-6 Tab window manager
ii  xbase-clients             4.3.0.dfsg.1-6 miscellaneous X clients
ii  xlibs                     4.3.0.dfsg.1-6 X Window System client libraries m
ii  xterm [x-terminal-emulato 4.3.0.dfsg.1-6 X terminal emulator
ii  zlib1g                    1:1.2.1.1-3    compression library - runtime

-- debconf information:
  gdm/daemon_name: /usr/bin/gdm
  shared/default-x-display-manager: gdm

---------------------------------------
Date: Tue, 13 Jul 2004 03:10:00 -0700
From: Ryan Murray <rmurray@debian.org>
To: Michael Piefel <piefel@debian.org>, 259173-done@bugs.debian.org
Subject: Re: Bug#259173: gdm: SecureSystemMenu is either too secure or too insecure
Message-ID: <20040713101000.GT28843@cyberhqz.com>

On Tue, Jul 13, 2004 at 11:39:21AM +0200, Michael Piefel wrote:
> gdm has a System Menu which offers options such as "Shut down the
> computer" and "Edit gdm options". Using gdm.conf's SecureSystemMenu
> setting, this menu either requests the root password or it doesn't.
>
> This leads to the unfortunate situation where either:
> - Any user has to enter the root password to shut down the computer.
>   IOW, they cannot, because I won't give them the password. They can cut
>   the power, but that isn't good.
> - Any user can change all of gdm's settings, including auto-login for a
>   certain user and such. This opens a wide security hole.

The configuration option always requires the root password, whether secure
system menu is on or not.

-- 
Ryan Murray, Debian Developer (rmurray@cyberhqz.com, rmurray@debian.org)
The opinions expressed here are my own.
