lightdm doesn't drop privileges when reading ~/.dmrc
Bug #883865 reported by Marc Deslauriers
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| lightdm (Ubuntu) | Fix Released | Medium | Unassigned | |
| Oneiric | Fix Released | Medium | Unassigned | |
| Precise | Fix Released | Medium | Unassigned | |
Bug Description
LightDM doesn't drop privileges when reading the ~/.dmrc file. This allows a local user to read configuration files he would normally not have read permissions for, for example, mysql configuration files that contain passwords.
How to reproduce:
1- Create a /etc/app.conf file owned by root with 600 permissions, containing the following:
[App]
password=xyz
2- Log in as a regular user
3- rm ~/.dmrc
4- ln -s /etc/app.conf ~/.dmrc
5- Log out, log back in
6- look at ~/.dmrc
| Changed in lightdm (Ubuntu Oneiric): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| Changed in lightdm (Ubuntu Precise): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| visibility: | private → public |
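
One way a privileged daemon can read a per-user file such as ~/.dmrc without the exposure described in the report, shown as an added example (not LightDM's code or its actual fix): it switches its effective IDs to the user around the read. Refusing symlinks and files the user does not own goes beyond what the report asks for and is extra hardening; the name `read_user_file` and its parameters are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read a per-user file such as ~/.dmrc from a privileged daemon.
 * uid/gid are the logging-in user's IDs (hypothetical parameters).
 * Returns the number of bytes read, or -1 if the file is refused. */
ssize_t read_user_file(const char *path, uid_t uid, gid_t gid,
                       char *buf, size_t len)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    gid_t old_groups[64];
    int ngroups = (old_uid == 0) ? getgroups(64, old_groups) : 0;
    struct stat st;
    ssize_t n = -1;
    int fd;

    if (ngroups < 0)
        return -1;
    /* Become the user for the duration of the read. Groups go first:
     * setgroups()/setegid() need the privilege that seteuid() gives up. */
    if (old_uid == 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setegid(gid) != 0 || seteuid(uid) != 0)
        goto restore;

    /* The kernel now checks access as the user, so a link to a root-only
     * file fails with EACCES. O_NOFOLLOW and the fstat() checks are extra
     * hardening: refuse symlinks, non-regular files and foreign owners. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == uid)
            n = read(fd, buf, len);
        close(fd);
    }

restore:
    /* Regain the saved IDs in reverse order; if that fails the process
     * is in an unknown state and must not carry on. */
    if (seteuid(old_uid) != 0 || setegid(old_gid) != 0 ||
        (old_uid == 0 && setgroups((size_t)ngroups, old_groups) != 0))
        _exit(1);
    return n;
}
```

With the IDs switched, the reproduction steps above end in a failed open instead of root-only content being processed on the user's behalf.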

This is CVE-2011-3153.