ANNOUNCE: GDM (SECURITY FIX), the "Spank George!" release


Fun fun fun, there is a security hole in gdm, (well only in the 2.3.90.x
series so those who don't run it be calm).  Also it only affects those that
have automatic login setup (and for these people this bug can also be annoying
and not just a security hole).  Basically gdm 'forgot' to reinitialize
the X server after an automatic login.  Whoops.  There's also an extra
related fix thrown in and some more translations.

And now for the standard part of the release announcement:

Ahh, so you have no clue what gdm is?  Well if you've read this far ... let's
not get into that.  Gdm is GNOME Display Manager, the little daemon that lets
you log in to your computer.  It allows xdmcp multiple login displays,
selection of languages, multiple login sessions and generally is much cooler
then any xdm clone out there, mostly cuz it isn't an xdm clone to begin with.
I mean heck, it's even got a graphical configurator, so you don't have to use
the command line to hose your system anymore.


Highlights of stuff:

- SECURITY FIX! After an automatic session the display wasn't reinited
  so clients could be left hanging around.  This is only present in the
  2.3.90.x series and only affects automatic logins.

- Automatic login is actually done on the first login only and Timed
  login is actually done only on the first display (as it all should be)

- Translation updates (Germán Poo Caamańo, Jordi Mallach,
  Hasbullah Bin Pit, Tőivo Leedjärv)

Note:  Gdm2 was originally written by Martin K. Petersen <mkp mkp net>, and
is now maintained by the Queen of England.  Although when she's not answering
her email I usually cover for her.

Note2:  If installing from the tarball do note that make install overwrites
most of the setup files, all except gdm.conf and gnomerc.  It will however
save backups with the .orig extension first.

Note3:  Distributors, packagers.  Please, PLEASE use the standard Gnome script
when setting things up as gnome, or at least equivalently working scripts.  It
should never be OK to just exec gnome-session, that is considered bad form.
The script needs to read (if available) the ~/.gnomerc and otherwise read
the <sysconfdir>/gdm/gnomerc file.  This allows users and administrators to
setup custom startup for gnome.


Have fun,


PS:  I'm too tired to write a witty PS.  Hmmm, that assumes all my previous
PS's were witty.  Perhaps that's not so.  However perhaps this PS is witty
anyway.  My brain hurts.

George <jirka 5z com>
   Ja se vratim, a se mnou prijde zakon.
                       -- Limonadovy Joe

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]