Arch Linux

FS#11431 - use user "gdm" instead of "nobody" for gdm

Attached to Project: Arch Linux
Opened by Björn Martensen (baze) - Tuesday, 09 September 2008, 20:09 GMT
Last edited by Jan de Groot (JGC) - Saturday, 11 October 2008, 23:24 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Jan de Groot (JGC)
Architecture: All
Severity: High
Priority: Normal
Reported Version: None
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

I just talked a bit to a gdm dev and when I said that Arch uses the user "nobody" for gdm, he said that this was a very bad idea since anything running as "nobody" would be able to sniff everybody's passwords! He said the docs even say not to do that.
Why is this done this way in Arch when this is such a security issue? As it's not the default setting but Arch uses a custom configuration for gdm.

This also prevents running gdm 2.23.x which needs the user "gdm" btw.

Closed by Jan de Groot (JGC)
Saturday, 11 October 2008, 23:24 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in 2.20.8.

Comment by Jan de Groot (JGC) - Tuesday, 09 September 2008, 21:44 GMT
This nobody user has been used since the beginning, which is the reason why it's in our package. The reason why gdm 2.23 doesn't work without a nobody user is that the "gdm" user is hardcoded in the source.
I don't think we will ship gdm 2.22 or 2.24 anyways, as I can't get it working at all and there are too many regressions reported, but the next 2.20.x update of gdm will have a gdm user.
