Bug 25112 - Xdm enables root login when this is forbidden in Xresources
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: App/xdm
Version: unspecified
Hardware: x86 (IA32) All
Importance: medium normal
Assignee: Alan Coopersmith
QA Contact: Xorg Project Team
Keywords: security
Reported: 2009-11-16 00:31 UTC by ZoliM
Modified: 2010-04-12 17:18 UTC

Attachments
X resources file (3.20 KB, text/plain)
2009-11-16 00:33 UTC, ZoliM
Proposed patch submitted to xorg-devel (3.21 KB, patch)
2010-03-16 17:03 UTC, Alan Coopersmith

Description ZoliM 2009-11-16 00:31:20 UTC
/etc/X11/xdm/Xresources file contains the line:

xlogin.Login.allowRootLogin: false

but the xlogin widget lets root log in.
Comment 1 ZoliM 2009-11-16 00:33:19 UTC
Created attachment 31224
X resources file
Comment 2 Julien Cristau 2009-11-16 08:38:23 UTC
On Mon, Nov 16, 2009 at 00:31:21 -0800, bugzilla-daemon@freedesktop.org wrote:

> /etc/X11/xdm/Xresources file contains the line:
> 
> xlogin.Login.allowRootLogin: false
> 
> but the xlogin widget let the root log in.
> 
aiui when using PAM this configuration is not used.
Comment 3 ZoliM 2009-11-17 00:25:37 UTC
> aiui when using PAM this configuration is not used.

Shouldn't this be marked somehow in the log file? :-)
Comment 4 Alan Coopersmith 2010-03-16 13:04:43 UTC
The allowRootLogin code seems to have only been implemented for USE_BSDAUTH
(which doesn't appear to ever be defined by configure.ac) and the OpenBSD
version of the non-PAM/direct getpwent() authentication backend.

I don't see why it should be OpenBSD specific, so have moved it outside of
the #ifdef __OpenBSD__ and added it to the PAM backend as well, plus added
a warning to the xdm man page that it depends on the authentication method
built into xdm, and will submit a patch with that for comment to xorg-devel.
Comment 5 Alan Coopersmith 2010-03-16 17:03:00 UTC
Created attachment 34130
Proposed patch submitted to xorg-devel

http://lists.x.org/archives/xorg-devel/2010-March/006276.html
Comment 6 Alan Coopersmith 2010-04-12 17:18:56 UTC
Pushed fix to git master.

