Bug 1519 - GDM vulnerability
Summary: GDM vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 1
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Olav Vitters
QA Contact:
URL:
Whiteboard:
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2011-06-02 10:48 CEST by Jérôme Soyer
Modified: 2011-10-19 20:34 CEST

See Also:
Source RPM: gdm-2.32.1-1.mga1.src.rpm
CVE:
Status comment:


Attachments

Description Jérôme Soyer 2011-06-02 10:48:34 CEST
Summary:

GDM could be made to launch a browser and leak information about the system.

Software Description:
- gdm: GNOME Display Manager

Details:

Henne Vogelsang discovered that under certain PolicyKit configurations, GDM
could be made to launch a browser. A local attacker could exploit this to
gain access to files with the privileges of the gdm user.
Comment 1 Manuel Hiebel 2011-08-30 09:43:18 CEST
saispo or other people, OK to work on this security issue?

CC: (none) => ahmadsamir3891, cjw, dmorganec, ennael1, mageia, mageia, mageia

Comment 2 Sander Lepik 2011-09-02 20:50:08 CEST
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1709

Seems to be small patch: https://bugzilla.redhat.com/attachment.cgi?id=501874

Anyone willing to do it?

CC: (none) => sander.lepik

Comment 3 D Morgan 2011-09-02 22:15:48 CEST
\o_   I can, I can :)
D Morgan 2011-09-06 00:37:53 CEST

Assignee: bugsquad => qa-bugs

Comment 4 D Morgan 2011-09-06 00:54:41 CEST
available in update_testing
Comment 5 Dave Hodgins 2011-09-06 01:45:01 CEST
Anyone know how to get gdm to open a web browser to test this, before
installing the update?

CC: (none) => davidwhodgins

Comment 6 Dave Hodgins 2011-09-09 22:56:36 CEST
Without a pos, we can only test that the program works.
I've tested gdm on i586, selecting language, desktop, and user.
As this is a security update, it should be given a high priority.

Testing on x86-64 still needed.
Comment 7 Dave Hodgins 2011-09-09 23:16:53 CEST
I have found a problem.

When using gdm to start kde, I've found alt+ctrl+f12 (or any other
function key) doesn't work.

I've switched back to run level 3, where it does work.
Comment 8 claire robinson 2011-09-12 13:24:41 CEST
Testing x86_64 seems OK. I can't reproduce the problem you are having Dave. I'll try i586 too.

There are no exploits listed on SecurityFocus for this CVE.

CC: (none) => eeeemail

Comment 9 claire robinson 2011-09-12 16:29:32 CEST
Tested OK i586 too on my system.

Can you reproduce the problem Dave?
Comment 10 claire robinson 2011-09-12 16:41:16 CEST
I'm assuming it was gnome-settings-daemon as there is no GDM package in testing?
Comment 11 Dave Hodgins 2011-09-13 00:37:31 CEST
That was a mistake on my part.  I didn't check the version number.

D Morgan, can you check the submit?

The gdm package is not in Core Updates Testing.
Comment 12 claire robinson 2011-09-13 13:05:50 CEST
I've noticed that when switching back to KDM from GDM the Mageia login has reverted to a standard KDM type one, which is pretty ugly. Is there a way to fix that / is it a bug?
Comment 13 Dave Hodgins 2011-09-15 03:54:58 CEST
Reassigning to packager till update shows up in Core Updates Testing.

Assignee: qa-bugs => dmorganec

Comment 14 Dave Hodgins 2011-09-15 03:56:07 CEST
(In reply to comment #9)
> Tested OK i586 too on my system.
> 
> Can you reproduce the problem Dave?

Nope.  Currently alt+ctrl+f12 is working, with gdm from Core Release.
Comment 15 Dave Hodgins 2011-09-20 09:43:14 CEST
Ping?

Still no gdm package available in Core Updates Testing.
Comment 16 Manuel Hiebel 2011-09-20 12:43:56 CEST
Olav, can you look at this bug?

CC: (none) => olav

Comment 17 Olav Vitters 2011-09-24 04:33:26 CEST
I'll investigate.

Status: NEW => ASSIGNED

Comment 18 Olav Vitters 2011-09-24 12:01:05 CEST
dmorgan already made all the required changes to the spec, but I don't see any new gdm in 1/core/updates_testing. Submitted package again.
Comment 19 Olav Vitters 2011-09-24 12:10:07 CEST
Submitted package, gdm-2.32.1-1.1.mga1 as made by dmorgan. I do not have Mageia 1, so cannot do any QA...

Status: ASSIGNED => NEW
Assignee: dmorganec => qa-bugs

Olav Vitters 2011-09-24 12:10:19 CEST

Version: Cauldron => 1

Comment 20 claire robinson 2011-09-24 14:03:19 CEST
i586:

GDM tested OK with gnome, kde, lxde and icewm.

The proper mageia login screen is back too which is good.
Comment 21 claire robinson 2011-09-24 14:29:48 CEST
x86_64:

GDM tested OK with gnome and kde

On both systems though when switching to GDM from KDM and clicking OK to restart DM it dropped me to a TTY1 text login prompt. Once logged in startx brought up the desktop. Once rebooted no further occurrences.

I will switch between the two a few times and see if I can identify any error messages.
Comment 22 claire robinson 2011-09-24 15:00:10 CEST
There is something not quite right with this. I am unable to switch to any TTY other than tty8 which is where the desktop is running.

Any other seems to give no output at all, to the extent my monitor tells me it has no input.

There are messages in syslog when attempting to switch tty's

Sep 24 13:59:13 mega acpid: client 11963[0:0] has disconnected
Sep 24 13:59:13 mega acpid: client 11963[0:0] has disconnected
Sep 24 13:59:13 mega acpid: client connected from 11963[0:0]
Sep 24 13:59:13 mega acpid: 1 client rule loaded
Sep 24 13:59:13 mega acpid: client connected from 11963[0:0]
Sep 24 13:59:13 mega acpid: 1 client rule loaded
Sep 24 13:59:24 mega acpid: client 11963[0:0] has disconnected
Sep 24 13:59:24 mega acpid: client 11963[0:0] has disconnected
Sep 24 13:59:24 mega acpid: client connected from 11963[0:0]
Sep 24 13:59:24 mega acpid: 1 client rule loaded
Sep 24 13:59:25 mega acpid: client connected from 11963[0:0]
Sep 24 13:59:25 mega acpid: 1 client rule loaded
Sep 24 13:59:32 mega acpid: client 11963[0:0] has disconnected
Sep 24 13:59:32 mega acpid: client 11963[0:0] has disconnected
Sep 24 13:59:32 mega acpid: client connected from 11963[0:0]
Sep 24 13:59:32 mega acpid: 1 client rule loaded
Sep 24 13:59:32 mega acpid: client connected from 11963[0:0]
Sep 24 13:59:32 mega acpid: 1 client rule loaded
Comment 23 claire robinson 2011-09-24 15:25:31 CEST
The above was x86_64

I can't reproduce this on i586 but do see similar messages in syslog when switching back to tty8 so they might be normal.

Sep 24 14:20:23 localhost acpid: client 9718[0:0] has disconnected
Sep 24 14:20:24 localhost acpid: client connected from 9718[0:0]
Sep 24 14:20:24 localhost acpid: 1 client rule loaded
Comment 24 claire robinson 2011-09-24 17:53:48 CEST
I switched back to KDM and this problem was the same. A reboot later they are back so switched back to GDM and restart the DM and they are gone again until the next reboot when they have returned. It seems the problem is with the DM being restarted rather than GDM itself.

I haven't been able to make it drop to tty1 when switching DM's again so not sure what that was about. Again probably just something to do with the DM restart rather than GDM.

Everything is working fine so long as the machine is actually rebooted rather than just restarting the DM.

There is still a problem with KDM returning to the ugly kde default login screen but it returns to the Mageia login screen when GDM is selected so I think this is a problem with KDM.
Comment 25 Dave Hodgins 2011-09-26 08:27:28 CEST
I've had no problems with the current version of gdm, or gdm-user-switch-applet.
Alt+ctrl+f12 and alt+ctrl+f1, etc. are working, as is the selection of kde4,
gnome, etc.

I consider i586 testing complete for the srpm
gdm-2.32.1-1.1.mga1.src.rpm
Comment 26 claire robinson 2011-09-26 16:49:12 CEST
We could probably do to test this on another x86_64 system. 

Can anybody give it a try and see if you have the same problems as comment 21?
Comment 27 Dave Hodgins 2011-09-26 23:58:34 CEST
(In reply to comment #26)
> We could probably do to test this on another x86_64 system. 
> 
> Can anybody give it a try and see if you have the same problems as comment 21?

I'm getting inconsistent results on my i586 system.

First I switched from gdm to kdm.  Got the tty1 login.  Pressed alt+ctrl+f8, and
the kdm login was there, but still starting up.  Perhaps if I'd waited a little
longer, it would have switched on its own.

Switched from kdm to gdm.  Went straight to gdm login screen.
Switched back to kdm.  Went straight to gdm login screen.

I consider this more of a minor annoyance, rather than a bug.
Comment 28 claire robinson 2011-09-27 11:42:32 CEST
I tend to agree Dave. 

It would be good to get some dev input before we validate.

Olav / dmorgan could you take a look at this please. Thanks.
Comment 29 claire robinson 2011-10-04 13:59:43 CEST
Assigning to maintainer to check before we validate.

Assignee: qa-bugs => olav

Comment 30 claire robinson 2011-10-04 14:00:17 CEST
adding qa-bugs in CC

CC: (none) => qa-bugs

Comment 31 claire robinson 2011-10-15 12:12:46 CEST
What is the status of this update please?
Comment 32 Dave Hodgins 2011-10-18 01:51:48 CEST
As per comment 27, the inconsistent behaviour when switching between gdm
and kdm, only happens when switching, not in normal usage, I'm going to
go ahead and validate this update.

Can someone from the sysadmin team push the srpm
gdm-2.32.1-1.1.mga1.src.rpm
from Core Updates Testing to Core Updates.

Advisory:
This security update for gdm corrects CVE-2011-1709, discovered by
Henne Vogelsang that under certain PolicyKit configurations, GDM
could be made to launch a browser. A local attacker could exploit
this to gain access to files with the privileges of the gdm user.

https://bugs.mageia.org/show_bug.cgi?id=1519

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 33 claire robinson 2011-10-18 12:18:44 CEST
Agreed Dave. 3 weeks with no feedback doesn't leave us much option.
Comment 34 Thomas Backlund 2011-10-19 20:34:26 CEST
Update pushed.

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

