Bug#1024676: gdm3: Insecure default configuration lets unauthenticated users turn off my wifi
Ronny Rentner
debian-bugs at ronny-rentner.de
Wed Nov 23 05:15:25 GMT 2022
Package: gdm3
Version: 43.0-1
Severity: normal
X-Debbugs-Cc: debian-bugs at ronny-rentner.de
Dear Maintainer,

from the GDM3 login screen, any unauthenticated user can change central system
settings, like turning off my wifi. This is causing trouble because my computer
suddenly becomes unreachable from the internet. Also, any background processes
requiring network will stop working.

By default, this shouldn't be possible.

For comparison: On Android, there is also a quick setting for wifi, but it
requires you to authenticate if you want to change it.

Thanks in advance!

Ronny

-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (400, 'testing'), (100, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-4-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages gdm3 depends on:
ii accountsservice 22.08.8-1+b1
ii adduser 3.129
ii dbus [default-dbus-system-bus] 1.14.4-1
ii dbus-bin 1.14.4-1
ii dbus-daemon 1.14.4-1
ii dconf-cli 0.40.0-3
ii dconf-gsettings-backend 0.40.0-3
ii debconf [debconf-2.0] 1.5.79
ii gir1.2-gdm-1.0 43.0-1
ii gnome-session [x-session-manager] 43.0-1
ii gnome-session-bin 43.0-1
ii gnome-session-common 43.0-1
ii gnome-session-flashback [x-session-manager] 3.46.0-1
ii gnome-settings-daemon 43.0-3
ii gnome-shell 43.1-2
ii gnome-terminal [x-terminal-emulator] 3.46.2-1
ii gsettings-desktop-schemas 43.0-1
ii kitty [x-terminal-emulator] 0.21.2-2
ii konsole [x-terminal-emulator] 4:22.08.1-1
ii libaccountsservice0 22.08.8-1+b1
ii libaudit1 1:3.0.7-1.1+b2
ii libc6 2.36-5
ii libcanberra-gtk3-0 0.30-10
ii libcanberra0 0.30-10
ii libgdk-pixbuf-2.0-0 2.42.10+dfsg-1
ii libgdm1 43.0-1
ii libglib2.0-0 2.74.1-2
ii libglib2.0-bin 2.74.1-2
ii libgtk-3-0 3.24.34-5
ii libgudev-1.0-0 237-2
ii libkeyutils1 1.6.3-1
ii libpam-modules 1.5.2-5
ii libpam-runtime 1.5.2-5
ii libpam-systemd [logind] 252.1-1
ii libpam0g 1.5.2-5
ii librsvg2-common 2.54.5+dfsg-1
ii libselinux1 3.4-1+b3
ii libsystemd0 252.1-1
ii libx11-6 2:1.8.1-2
ii libxau6 1:1.0.9-1
ii libxcb1 1.15-1
ii libxdmcp6 1:1.1.2-3
ii lsb-base 11.5
ii marco [x-window-manager] 1.26.1-1
ii mate-session-manager [x-session-manager] 1.26.0-1
ii mate-terminal [x-terminal-emulator] 1.26.0-1
ii metacity [x-window-manager] 1:3.46.0-1
ii mutter [x-window-manager] 43.0-2
ii polkitd 122-1
ii procps 2:3.3.17-7.1
ii systemd-sysv 252.1-1
ii sysvinit-utils [lsb-base] 3.05-7
ii ucf 3.0043
ii x11-common 1:7.7+23
ii x11-xserver-utils 7.7+9+b1
ii xfce4-terminal [x-terminal-emulator] 1.0.4-1
ii xfwm4 [x-window-manager] 4.16.1-1
Versions of packages gdm3 recommends:
ii at-spi2-core 2.46.0-4
ii desktop-base 11.0.3
ii gnome-session [x-session-manager] 43.0-1
ii gnome-session-flashback [x-session-manager] 3.46.0-1
ii mate-session-manager [x-session-manager] 1.26.0-1
ii x11-xkb-utils 7.7+7
ii xserver-xephyr 2:21.1.4-3
ii xserver-xorg 1:7.7+23
ii zenity 3.43.0-1
Versions of packages gdm3 suggests:
pn libpam-fprintd <none>
ii libpam-gnome-keyring 42.1-1+b1
pn libpam-pkcs11 <none>
pn libpam-sss <none>
pn orca <none>
-- Configuration Files:
/etc/gdm3/PostSession/Default changed [not included]
/etc/gdm3/daemon.conf changed [not included]
-- debconf information excluded