/var/run/kdm/kdmrc world readable w/ passwords
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kdebase (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: kdebase
/etc/init.d/kdm runs genkdmconf to create (among other things) /var/run/kdm/kdmrc as a copy of /etc/kde3/
To fix this apply the attached patch to /etc/init.d/kdm.
brad
P.S. The same patch (give or take a few line numbers) could probably also be applied to /etc/init.
ProblemType: Bug
Architecture: i386
Date: Sun Aug 24 12:51:23 2008
DistroRelease: Ubuntu 8.04
Package: kdm 4:3.5.9-0ubuntu7.3
PackageArchitec
SourcePackage: kdebase
Uname: Linux 2.6.24-19-generic i686
Changed in kdebase: | |
status: | New → Confirmed |
As far as I can tell, no passwords are stored in kdmrc (at least in KDE4), even with Auto-Login and/or Password-less Login features enabled. Can you provide an example of this happening? (Obviously without disclosing any passwords on your system)