oss-sec mailing list archives
LXDM X authentication issues
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 20 Nov 2015 14:04:51 +0100
Hi!

LXDM before 0.5.2 did not start X server with -auth parameter. Therefore any user able to connect to it (typically all local users) would have their X connections accepted. The issue was fixed via:

http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3

LXDM also defaults to not restarting X server between sessions, and does not change authentication cookies or remove xhost authorizations. This allows a local user to be able to connect to the X server after they logged out. The 'reset' option in lxdm.conf controls whether X server is restarted on session user close.

--
Tomas Hoger / Red Hat Product Security
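An added example, not part of the original message and not LXDM code: a shell audit for the two conditions described above, an X server command line lacking -auth and an lxdm.conf without an active reset option. It assumes the option is enabled as reset=1 and sits in a [server] section; the command lines, paths and config files are constructed samples.

```shell
#!/bin/sh
# Constructed example: audits an X server argv and an lxdm.conf for the two issues.

# Succeeds if the argv passed as arguments contains "-auth <file>".
x_has_auth() {
    while [ $# -gt 0 ]; do
        if [ "$1" = "-auth" ] && [ -n "${2:-}" ]; then return 0; fi
        shift
    done
    return 1
}

# Succeeds if the config file ($1) has an uncommented reset=1 line.
# Assumption: the option is switched on with the value 1.
lxdm_reset_enabled() {
    awk -F= '
        /^[ \t]*#/ { next }                       # commented-out lines do not count
        { k = $1; v = $2; gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v) }
        k == "reset" && v == "1" { found = 1 }
        END { exit !found }
    ' "$1"
}

# Usage: audit_lxdm <lxdm.conf> <X server argv...>; returns the number of findings.
audit_lxdm() {
    conf=$1; shift
    findings=0
    if ! x_has_auth "$@"; then
        echo "FINDING: X server started without -auth (LXDM before 0.5.2)"
        findings=$((findings + 1))
    fi
    if ! lxdm_reset_enabled "$conf"; then
        echo "FINDING: reset not enabled; X server is kept between sessions"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample data (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '[server]\n# reset=1\n' > "$demo_dir/default.conf"
printf '[server]\nreset=1\n'   > "$demo_dir/hardened.conf"
audit_lxdm "$demo_dir/default.conf" /usr/bin/X :0 vt1 || echo "findings: $?"
audit_lxdm "$demo_dir/hardened.conf" /usr/bin/X :0 -auth /run/example/x.auth || echo "findings: $?"
```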