FS#17042 - [xorg-xdm] complains that the session is insecure on login screen display
Attached to Project:
Arch Linux
Opened by Jörg Kriegel (sokoban65) - Saturday, 07 November 2009, 08:56 GMT
Last edited by Jan de Groot (JGC) - Sunday, 08 November 2009, 20:50 GMT
Details
Description:
xorg-xdm complains that the session is insecure on login screen display. This is because the package does not create a /var/lib/xdm directory. I gave it high severity because it affects security.

Additional info:
* package version: xorg-xdm 1.1.9-1 (tested on x86_64 but should also apply to i686)

Steps to reproduce:
* Make sure a local /var/lib/xdm doesn't exist
* (Re)install xorg-xdm 1.1.9-1
* Run xdm
* Xdm logs the error in /var/log/xdm.log

Workaround:
* mkdir /var/lib/xdm
Closed by Jan de Groot (JGC)
Sunday, 08 November 2009, 20:50 GMT
Reason for closing: Fixed
Additional comments about closing: 1.1.9-2.
Looks like xdm-auth was disabled: http://repos.archlinux.org/wsvn/packages/xorg-xdm/repos/extra-i686/PKGBUILD?op=log
because of http://bugs.archlinux.org/task/17016
Maybe that compile switch doesn't remove that feature completely?
Git Repository: http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=0ce4128e19f9fac9a565cce42a6a575486d371a5
The other method is MIT-MAGIC-COOKIE-1, which is also used. This can be easily checked with:
$ xauth list
host.domain:0 MIT-MAGIC-COOKIE-1 f7ded80a4c40b4cfed5cf68471b47120
[fe80::...]:0 MIT-MAGIC-COOKIE-1 f7ded80a4c40b4cfed5cf68471b47120
host/unix:0 MIT-MAGIC-COOKIE-1 f7ded80a4c40b4cfed5cf68471b47120
This is described in more detail in the Xsecurity man page.
It seems the default authdir path has just changed to /var/lib/xdm in the 1.1.9 release.
Git Repository: http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=0c57a398cef50d13a821ad341ffb15ab0cbd2bad
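An added example, not part of the bug report or of the xorg-xdm package: a shell check for the authorization directory named in this report, to run after the `mkdir` workaround or a package upgrade. The function name, the status words and the policy it applies (a real directory, owned by the expected user, not writable by group or others) are assumptions of this example; it relies on GNU `stat -c`.

```shell
#!/bin/sh
# check_authdir DIR [EXPECTED_UID]
# Prints one status word and returns 0 only for "ok".
# Example policy (an assumption, not taken from xdm itself): the directory
# that holds X authorization files must be a real directory, owned by
# EXPECTED_UID (default 0, root) and not writable by group or others.
# Usage: check_authdir /var/lib/xdm
check_authdir() {
    dir=$1
    want_uid=${2:-0}

    # A symlink could redirect the authorization files somewhere else.
    if [ -L "$dir" ]; then
        echo "symlink"
        return 1
    fi

    # The condition from the report: the package did not create the directory.
    if [ ! -d "$dir" ]; then
        echo "missing"
        return 1
    fi

    uid=$(stat -c %u "$dir") || { echo "stat-failed"; return 2; }
    mode=$(stat -c %a "$dir") || { echo "stat-failed"; return 2; }

    if [ "$uid" -ne "$want_uid" ]; then
        echo "wrong-owner"
        return 1
    fi

    # Interpret the mode as octal and test the group/other write bits (022).
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "writable-by-others"
        return 1
    fi

    echo "ok"
    return 0
}
```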