Re: gdm minor security issue...

From: B <bolen hcs harvard edu>
To: gnome-list <gnome-list gnome org>
Subject: Re: gdm minor security issue...
Date: Sat, 13 Mar 1999 13:04:10 -0500 (EST)


Well that was easy to fix....

in gdmgreeter.c on line 1183  change

	if(g_list_length(result) == 1) {

to

	if(g_list_length(result) == 1 || GdmDisplayBrowser == 0) {


And you're all set...

Britt

On Sat, 13 Mar 1999, B wrote:

> On the gdm login screen if you enter an invalid username (aka the user
> doesn't exist on the machine) you can't tab to the password field.  Thus a
> user could, in theory, probe for valid usernames on a machine.
> 
> This is minor, but something that most systems try not to allow.  
> 
> I imagine the best fix would involve always allowing tabing to the
> password field if the browser is turned off.
> 
> I'll now commence an attempt to fix this... he he he I've never mucked
> with gnome code before :)
> 
> B
> 
> -----------------------------------------------------------------------
>                                   Britt Bolen  -  bolen@hcs.harvard.edu 
>                                                 hcs.harvard.edu/~bolen/
>                                                                   blah!
> 
> 
> -- 
>         FAQ: Frequently-Asked Questions at http://www.gnome.org/gnomefaq
>          To unsubscribe: mail gnome-list-request@gnome.org with 
>                        "unsubscribe" as the Subject.
> 

B

-----------------------------------------------------------------------
                                  Britt Bolen  -  bolen@hcs.harvard.edu 
                                                hcs.harvard.edu/~bolen/
                                                                  blah!

Follow-Ups:
- Re: gdm minor security issue...
  - From: i2ambler

References:
- gdm minor security issue...
  - From: B

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]