XDMCP server starts without authentication if configured key does not exist
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Light Display Manager | Fix Released | Medium | Robert Ancell | |
| 1.10 | Fix Released | Medium | Robert Ancell | |
| 1.14 | Fix Released | Medium | Robert Ancell | |
| 1.16 | Fix Released | Medium | Robert Ancell | |
| 1.2 | Fix Released | Medium | Robert Ancell | |
| lightdm (Ubuntu) | Fix Released | Medium | Robert Ancell | |
| Precise | Won't Fix | Medium | Unassigned | |
| Trusty | Fix Released | Medium | Robert Ancell | |
| Vivid | Fix Released | Medium | Robert Ancell | |
| Wily | Fix Released | Medium | Robert Ancell | |
Bug Description
[Impact]
An incorrectly configured XDMCP server will start without authentication instead of disabling XDMCP / stopping LightDM.
[Test Case]
1. Set up LightDM to run an XDMCP server using an XDM authentication key, i.e. in lightdm.conf:
    [XDMCPServer]
    enabled=true
    key=key-name
2. Do not create /etc/lightdm/
3. Start LightDM
4. Connect XDMCP client.
Expected result:
Either LightDM doesn't start or the XDMCP server doesn't start.
Observed result:
XDMCP server starts without authentication, any XDMCP client is able to connect. Debug message printed to log warning about missing key, but not easy to spot.
[Regression Potential]
Low - change is to not start LightDM if this case occurs. This could affect someone who currently has a misconfigured LightDM. In this case a warning message is printed to the log.
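A configuration audit for the fail-open case described in the test case above, as an added example that is not part of the original report or LightDM's own code. The function name `audit_xdmcp` is hypothetical, the key file is passed in as text because its path is not given in full on this page, and the `[keyring]` section with `name=value` entries is an assumed layout for that file; the sample inputs are constructed.

```python
import configparser

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONF = "[XDMCPServer]\nenabled=true\nkey=key-name\n"
SAMPLE_KEYS = "[keyring]\nkey-name=0x0123456789ABCD\n"


def _parse(text):
    # LightDM config files are INI style; keep option names case-sensitive.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def audit_xdmcp(lightdm_conf, keys_conf):
    """Return (verdict, reason). keys_conf is the key file text, or None if absent."""
    conf = _parse(lightdm_conf)
    enabled = conf.get("XDMCPServer", "enabled", fallback="false").strip().lower()
    if enabled not in ("true", "1"):
        return ("ok", "XDMCP server disabled")
    key_name = conf.get("XDMCPServer", "key", fallback="").strip()
    if not key_name:
        return ("warn", "XDMCP enabled with no key: clients are not authenticated")
    # From here on a key was requested, so anything short of finding it must
    # fail closed rather than fall back to an unauthenticated server.
    if keys_conf is None:
        return ("fail", f"key '{key_name}' configured but key file is missing")
    try:
        keys = _parse(keys_conf)
    except configparser.Error as exc:
        return ("fail", f"key file unreadable: {type(exc).__name__}")
    # Assumption: keys are stored as name=value in a [keyring] section.
    if not keys.get("keyring", key_name, fallback="").strip():
        return ("fail", f"key '{key_name}' not defined in key file")
    return ("ok", f"key '{key_name}' is defined")


if __name__ == "__main__":
    for label, keys in (("no key file", None), ("key present", SAMPLE_KEYS),
                        ("other key only", "[keyring]\nother=0x01\n")):
        print(label, "->", audit_xdmcp(SAMPLE_CONF, keys))
```

A "fail" verdict corresponds to the state in which the affected versions started the XDMCP server without authentication.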
information type: | Private Security → Public Security |
Changed in lightdm: | |
milestone: | none → 1.17.2 |
status: | In Progress → Fix Released |
affects: | ubuntu (Ubuntu) → lightdm (Ubuntu) |
tags: |
added: verification-needed-trusty verification-needed-vivid verification-needed-wily removed: verification-needed |
Changed in lightdm (Ubuntu): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
importance: | Undecided → Medium |
Changed in lightdm (Ubuntu Precise): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
importance: | Undecided → Medium |
Changed in lightdm (Ubuntu): | |
status: | New → Fix Released |
Changed in lightdm (Ubuntu Trusty): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
Changed in lightdm (Ubuntu Vivid): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
importance: | Undecided → Medium |
Changed in lightdm (Ubuntu Wily): | |
assignee: | nobody → Robert Ancell (robert-ancell) |
importance: | Undecided → Medium |
Changed in lightdm (Ubuntu Trusty): | |
importance: | Undecided → Medium |
Changed in lightdm (Ubuntu Precise): | |
assignee: | Robert Ancell (robert-ancell) → nobody |
Hello Robert, or anyone else affected,
Accepted lightdm into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/lightdm/1.10.6-0ubuntu1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.
Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification. Thank you in advance!