Re: [Pkg-xfce-devel] Bug#679872: lightdm: No access control for lightdm's system bus
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Light Display Manager |
New
|
Undecided
|
Unassigned | ||
Debian |
New
|
Undecided
|
Unassigned |
Bug Description
affects debian
affects lightdm
done
On lun., 2012-07-02 at 10:51 +0300, Yair Yarom wrote:
> Package: lightdm
> Version: 1.2.2-1
> Severity: normal
>
> Dear Maintainer,
>
> It appears everyone has access to lightdm's system bus, which means
> anyone with remote or local access can cause the seat to change user,
> lock screen or switch to the greeter.
That looks pretty bad indeed.
>
> I.e. the following commands can be executed by any user
> dbus-send --print-reply --system --dest=
>
> dbus-send --print-reply --system --dest=
>
These two don't seem to do anything.
> dbus-send --print-reply --system --dest=
This one does “lock” the session (goes back to the greeter). It's
annoying, although at least there's no security issue at first sight.
I'm fowarding this upstream.
Regards,
--
Yves-Alexis
--
Yves-Alexis