Re: gdm: shadow unfriendly

From: Miguel de Icaza <miguel nuclecu unam mx>
To: dboynton worldnet att net, mkp sunsite auc dk, alan cymru net
CC: gnome-list gnome org
Subject: Re: gdm: shadow unfriendly
Date: Wed, 30 Sep 1998 19:10:51 -0500


> I have a couple of problems with gdm (CVS'd as of 9/29).  
> 
> 1. In order to support shadow passwords, I have to change gdm.conf to
> read nobodyuser=root, as only root can access the /etc/shadow file, even
> via pam. 

I dont think we can fix this unless we make gdm suid root, or make gdm
run as root always.  

This might not be as bad as it seems as gdm is fairly small and have
very few library dependencies (only libgnome and libgnomesupport would
have to be audited for possible holes).  Even then, the only routine
used from GNOME is gnome_config and it uses absolute paths, so no
inmediate abuse of this comes to mind.

> 2. Using the standard session files, after login, it appears to leave X,
> then goes right back into gdmgreeter. The session file "Gnome" is
> executable.

Can you trace this a little more?  Probably the default session does
not point to Gnoem?

> 3. I noticed that when first starting gdm, via "init 5", I see two gdm's
> running, plus the gdmgreeter.  Additionally, there are three error
> messages emmited like "gdm already running". 

I think gdm should be started like this "gdm -d" from /etc/inittab,
otherwise init goes into respawn mode over and over as gdm daemonizes
itself by default, here is how I use it:

:x:5:respawn:/gnome/bin/gdm -d

> 4. If the browser isn't enabled, the gdmgreeter window isn't centered.
> It stays in the upper left of the X window.

I CCed Martin on this ;-)

cheers,
Miguel.

Follow-Ups:
- Re: gdm: shadow unfriendly
  - From: Martin Kasper Petersen
- Re: gdm: shadow unfriendly
  - From: Michael K. Johnson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]