Bug#580629: gdm3 - allows unauthenticated users to change power configuration
Bastian Blank
waldi at debian.org
Fri May 7 21:42:11 UTC 2010
On Fri, May 07, 2010 at 09:18:48PM +0200, Josselin Mouette wrote:
> Le vendredi 07 mai 2010 à 12:08 +0200, Bastian Blank a écrit :
> > gdm3 allows unauthenticated users to change the power configuration,
> > including automatic suspend.
> > This is a DoS on any non-singleuser machine.
> What do you mean by “unauthenticated users”? Do you mean it is possible
> to change that configuration from the login screen?
Yes. The login screen allow access to gnome-power-manager properties.
See /usr/share/gdm/autostart/LoginWindow/gnome-power-manager.desktop.
Bastian
--
I'm a soldier, not a diplomat. I can only tell the truth.
-- Kirk, "Errand of Mercy", stardate 3198.9
More information about the pkg-gnome-maintainers
mailing list