Bug#689660: gdm: DoS with default DoubleLoginWarning
Paul Szabo
paul.szabo at sydney.edu.au
Thu Oct 4 20:53:37 UTC 2012
Package: gdm
Version: 2.20.11-4
Severity: normal
DoS with default DoubleLoginWarning
With default setting of DoubleLoginWarning=true GDM gets stuck
while showing the prompt
You are already logged in. You can log
in anyway or abort this login
[Log in anyway] [Abort login]
Strangely it is the "parent" GDM process that gets stuck, not
spawning any further children nor reaping defunct ones.
This makes it easy for a user to cause DoS: elicit that warning
then walk away: no-one else can log in.
I see this behaviour with XDMCP. Strangely, DoubleLoginWarning
seems related to VTs and AlwaysLoginCurrentSession which is
documented not to work with XDMCP.
A workaround seems to be to set
[daemon]
DoubleLoginWarning=false
in /etc/gdm/gdm.conf .
Cheers, Paul
Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
-- System Information:
Debian Release: 6.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.19-pk06.01-i386 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages gdm depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2 1.5.36.1 Debian configuration management sy
ii gksu 2.0.2-5 graphical frontend to su
ii gnome-session [x-s 2.30.2-3 The GNOME Session Manager - GNOME
ii gnome-terminal [x- 2.30.2-1 The GNOME terminal emulator applic
ii icewm [x-window-ma 1.3.7~pre2-1 wonderful Win95-OS/2-Motif-like wi
ii konsole [x-termina 4:4.4.5-2 X terminal emulator
ii libart-2.0-2 2.3.21-1 Library of functions for 2D graphi
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libattr1 1:2.4.44-2 Extended attribute shared library
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libdbus-1-3 1.2.24-4+squeeze1 simple interprocess messaging syst
ii libdbus-glib-1-2 0.88-2.1 simple interprocess messaging syst
ii libdmx1 1:1.1.0-2 X11 Distributed Multihead extensio
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1+squeeze4 FreeType 2 font engine, shared lib
ii libglade2-0 1:2.6.4-1 library to load .glade files at ru
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgnomecanvas2-0 2.30.1-1 A powerful object-oriented display
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libpam-modules 1.1.1-6.1+squeeze1 Pluggable Authentication Modules f
ii libpam-runtime 1.1.1-6.1+squeeze1 Runtime support for the PAM librar
ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l
ii libpango1.0-0 1.28.3-1+squeeze2 Layout and rendering of internatio
ii librsvg2-2 2.26.3-1 SAX-based renderer library for SVG
ii librsvg2-common 2.26.3-1 SAX-based renderer library for SVG
ii libselinux1 2.0.96-1 SELinux runtime shared libraries
ii libwrap0 7.6.q-19 Wietse Venema's TCP wrappers libra
ii libx11-6 2:1.3.3-4 X11 client-side library
ii libxau6 1:1.0.6-1 X11 authorisation library
ii libxdmcp6 1:1.0.3-2 X11 Display Manager Control Protoc
ii libxext6 2:1.1.2-1 X11 miscellaneous extension librar
ii libxi6 2:1.3-7 X11 Input extension library
ii libxinerama1 2:1.1-3 X11 Xinerama extension library
ii libxml2 2.7.8.dfsg-2+squeeze5 GNOME XML library
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii metacity [x-window 1:2.30.1-3 lightweight GTK+ window manager
ii rxvt [x-terminal-e 1:2.6.4-14 VT102 terminal emulator for the X
ii sawfish [x-window- 1:1.3.5.2-2 a window manager for X11
ii xfce4-session [x-s 4.6.2-3 Xfce4 Session Manager
ii xfwm4 [x-window-ma 4.6.2-1 window manager of the Xfce project
ii xterm [x-terminal- 261-1 X terminal emulator
ii xvt [x-terminal-em 2.1-20 X terminal-emulator similar to xte
Versions of packages gdm recommends:
ii dialog 1.1-20100428-1 Displays user-friendly dialog boxe
pn gdm-themes <none> (no description available)
ii whiptail 0.52.11-1 Displays user-friendly dialog boxe
ii xserver-xephyr 2:1.7.7-14 nested X server
ii xserver-xorg 1:7.5+8+squeeze1 the X.Org X server
ii zenity 2.30.0-1 Display graphical dialog boxes fro
Versions of packages gdm suggests:
ii libpam-gnome-keyring 2.30.3-5 PAM module to unlock the GNOME key
ii locales 2.11.3-4 Embedded GNU C Library: National L
ii pm-utils 1.3.0-3 utilities and scripts for power ma
-- Configuration Files:
/etc/gdm/Init/Default changed:
PATH=/usr/bin:$PATH
OLD_IFS=$IFS
gdmwhich () {
COMMAND="$1"
OUTPUT=
IFS=:
for dir in $PATH
do
if test -x "$dir/$COMMAND" ; then
if test "x$OUTPUT" = "x" ; then
OUTPUT="$dir/$COMMAND"
fi
fi
done
IFS=$OLD_IFS
echo "$OUTPUT"
}
sysmodmap=/etc/X11/Xmodmap
XMODMAP=`gdmwhich xmodmap`
if [ "x$XMODMAP" != "x" ] ; then
if [ "x$GDM_PARENT_DISPLAY" = "x" ]; then
if [ -f $sysmodmap ]; then
$XMODMAP $sysmodmap
fi
else
( DISPLAY=$GDM_PARENT_DISPLAY XAUTHORITY=$GDM_PARENT_XAUTHORITY $XMODMAP -pke ) | $XMODMAP -
fi
#
# Switch Sun's Alt and Meta mod mappings
#
UNAME=`gdmwhich uname`
PROCESSOR=`$UNAME -p`
if [ "x$PROCESSOR" = "xsparc" ]; then
if $XMODMAP | /usr/bin/grep mod4 | /usr/bin/grep Alt > /dev/null 2>/dev/null
then
$XMODMAP -e "clear Mod1" \
-e "clear Mod4" \
-e "add Mod1 = Alt_L" \
-e "add Mod1 = Alt_R" \
-e "add Mod4 = Meta_L" \
-e "add Mod4 = Meta_R"
fi
fi
fi
SETXKBMAP=`gdmwhich setxkbmap`
if [ "x$SETXKBMAP" != "x" ] ; then
# FIXME: is this all right? Is this completely on crack?
# What this does is move the xkb configuration from the GDM_PARENT_DISPLAY
# FIXME: This should be done in code. Or there must be an easier way ...
if [ -n "$GDM_PARENT_DISPLAY" ]; then
XKBSETUP=`( DISPLAY=$GDM_PARENT_DISPLAY XAUTHORITY=$GDM_PARENT_XAUTHORITY $SETXKBMAP -v )`
if [ -n "$XKBSETUP" ]; then
XKBKEYMAP=`echo "$XKBSETUP" | grep '^keymap' | awk '{ print $2 }'`
XKBTYPES=`echo "$XKBSETUP" | grep '^types' | awk '{ print $2 }'`
XKBCOMPAT=`echo "$XKBSETUP" | grep '^compat' | awk '{ print $2 }'`
XKBSYMBOLS=`echo "$XKBSETUP" | grep '^symbols' | awk '{ print $2 }'`
XKBGEOMETRY=`echo "$XKBSETUP" | grep '^geometry' | awk '{ print $2 }'`
if [ -n "$XKBKEYMAP" ]; then
$SETXKBMAP -keymap "$XKBKEYMAP"
elif [ -n "$XKBTYPES" -a -n "$XKBCOMPAT" -a -n "$XKBSYMBOLS" -a -n "$XKBGEOMETRY" ]; then
$SETXKBMAP -types "$XKBTYPES" -compat "$XKBCOMPAT" -symbols "$XKBSYMBOLS" -geometry "$XKBGEOMETRY"
elif [ -n "$XKBTYPES" -a -n "$XKBCOMPAT" -a -n "$XKBSYMBOLS" ]; then
$SETXKBMAP -types "$XKBTYPES" -compat "$XKBCOMPAT" -symbols "$XKBSYMBOLS"
elif [ -n "$XKBSYMBOLS" ]; then
$SETXKBMAP -symbols "$XKBSYMBOLS"
fi
fi
fi
fi
exit 0
/etc/gdm/gdm.conf changed:
[daemon]
DefaultPath=/usr/sms/bin:/usr/local/bin:/usr/bin:/bin
RootPath=/usr/sms/sbin:/usr/sms/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
RemoteGreeter=/usr/lib/gdm/gdmgreeter
DoubleLoginWarning=false
[security]
DisallowTCP=false
AllowRoot=true
[xdmcp]
Enable=true
HonorIndirect=true
MaxPending=4
MaxPendingIndirect=128
MaxSessions=128
MaxWait=30
MaxWaitIndirect=30
DisplaysPerHost=1
Port=177
Willing=/etc/gdm/Xwilling
RemoteGreeter=/usr/lib/gdm/gdmgreeter
[gui]
[greeter]
DefaultWelcome=false
Welcome=Welcome to %n
GraphicalTheme=happygnome
[chooser]
[debug]
Enable=true
[servers]
-- debconf information:
gdm/daemon_name: /usr/sbin/gdm
* shared/default-x-display-manager: gdm
More information about the pkg-gnome-maintainers
mailing list