Bug#580629: gdm3 - allows unauthenticated users to change power configuration
Josselin Mouette
joss at debian.org
Sat Jun 12 08:44:51 UTC 2010
Le vendredi 07 mai 2010 à 23:42 +0200, Bastian Blank a écrit :
> On Fri, May 07, 2010 at 09:18:48PM +0200, Josselin Mouette wrote:
> > Le vendredi 07 mai 2010 à 12:08 +0200, Bastian Blank a écrit :
> > > gdm3 allows unauthenticated users to change the power configuration,
> > > including automatic suspend.
> > > This is a DoS on any non-singleuser machine.
> > What do you mean by “unauthenticated users”? Do you mean it is possible
> > to change that configuration from the login screen?
>
> Yes. The login screen allow access to gnome-power-manager properties.
> See /usr/share/gdm/autostart/LoginWindow/gnome-power-manager.desktop.
The power manager daemon is launched, but that doesn’t give you access
to the properties.
Could you explain exactly how you would exploit that?
Thanks,
--
.''`. Josselin Mouette
: :' :
`. `' “If you behave this way because you are blackmailed by someone,
`- […] I will see what I can do for you.” -- Jörg Schilling
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20100612/00f2c7d7/attachment-0001.pgp>
More information about the pkg-gnome-maintainers
mailing list