Bug#721388: gdm3: anyone can change the user's next session

Laurent Bigonville bigon at debian.org
Mon Sep 9 15:26:30 UTC 2013


Le Mon, 2 Sep 2013 11:02:11 +0200,
Vincent Lefevre <vincent at vinc17.net> a écrit :

> Control: retitle -1 gdm3: anyone can change the user's next session
> in a more-or-less hidden way
> I've found the problem: someone has apparently changed my next session
> while I wasn't here. This is some kind of security problem: someone
> has more rights that he should have.

So if I understood correctly:

1) A "rogue" user has selected your user in the list and then changed
   your session to something else.
2) When you arrived in front of the screen you saw that your user was
   already selected and then you just typed your password
3) You were logged in using the wrong session.

Is that correct?


Laurent Bigonville

More information about the pkg-gnome-maintainers mailing list