4377156 1999-10-09  00:15  /37 lines/ Postmaster
Recipient: Bugtraq (import) <8117>
Subject: Problems with redhat 6 Xsession and pam.d/rlogin.
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
X-Request-Do: 
Message-ID:  <199910071956.aa58337@salmon.maths.tcd.ie>
Date:         Thu, 7 Oct 1999 19:56:46 +0100
Reply-To: David Malone <dwmalone@MATHS.TCD.IE>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: David Malone <dwmalone@MATHS.TCD.IE>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

I've found two problems which seem to be present in RedHat 6.0 and RedHat 6.1.
They're not earthshatteringly bad, but...

	1) Xsession on RedHat will start kde, gnome or anotherlevel
	rather than running a user's .xsession file, if you choose
	one of these from kdm. This is bad if you have accounts
	which have a special shell and xsession which are supposed
	to only allow one use of the account.

	Maybe it would be sensible to check a user has a shell listed
	in /etc/shells before starting a kde, gnome or anotherlevel
	session for them.

	2) pam.d/rlogin allows you to log in, even if /etc/nologin
	exists 'cos the line:

		auth       sufficient   /lib/security/pam_rhosts_auth.so
	
	is further up the file than:

		auth       required     /lib/security/pam_nologin.so

	Easy to fix.

David.
(4377156) -----------------------------------
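
The ordering problem in point 2 of the message above, as an added example that is not part of the original post: a small Python check that reports any `sufficient` auth line placed above pam_nologin.so in a PAM service file. The sample stacks are constructed around the two lines quoted in the message, and the function names are hypothetical.

```python
import re

# Constructed sample stacks. Only the two auth lines come from the message;
# FIXED is simply those lines in the opposite order.
VULNERABLE = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_nologin.so
"""
FIXED = """\
#%PAM-1.0
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_rhosts_auth.so
"""

# type, control (keyword or [bracketed] form), module path
ENTRY = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def auth_entries(text):
    """Yield (lineno, control, module basename) for each auth line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = ENTRY.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "auth":
            yield lineno, m.group(2), m.group(3).rsplit("/", 1)[-1]

def sufficient_before_nologin(text):
    """Return [(lineno, module)] for 'sufficient' auth lines above pam_nologin.so.

    When a 'sufficient' module succeeds, PAM stops processing the auth stack,
    so pam_nologin.so placed below it is never consulted for that login.
    Bracketed controls are parsed but not interpreted (assumption: this check
    only looks at the plain 'sufficient' keyword).
    """
    found = []
    for lineno, control, module in auth_entries(text):
        if module == "pam_nologin.so":
            break
        if control == "sufficient":
            found.append((lineno, module))
    return found

if __name__ == "__main__":
    for name, stack in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name, sufficient_before_nologin(stack))
```

If a file has no pam_nologin.so line at all, every `sufficient` auth line is reported, since nothing in that stack checks /etc/nologin.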
4414633 1999-10-21  20:21  /38 lines/ Postmaster
Recipient: Bugtraq (import) <8246>
Subject: Re: Problems with redhat 6 Xsession and pam.d/rlogin.
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/0.96.7i
X-Mailer-Holy-War: Get Mutt, it bites!
Message-ID:  <19991020185139.A19349@nebcorp.com>
Date:         Wed, 20 Oct 1999 18:51:39 -0500
Reply-To: Ari Gordon-Schlosberg <regs@NEBCORP.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Ari Gordon-Schlosberg <regs@NEBCORP.COM>
Organization: Nebcorp.com: ruling your world since 1998
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <199910071956.aa58337@salmon.maths.tcd.ie>

[David Malone <dwmalone@MATHS.TCD.IE>]
> I've found two problems which seem to be present in RedHat 6.0 and RedHat 6.1.
> They're not earthshatteringly bad, but...
>
> 	1) Xsession on RedHat will start kde, gnome or anotherlevel
> 	rather than running a user's .xsession file, if you choose
> 	one of these from kdm. This is bad if you have accounts
> 	which have a special shell and xsession which are supposed
> 	to only allow one use of the account.
>
> 	Maybe it would be sensible to check a user has a shell listed
> 	in /etc/shells before starting a kde, gnome or anotherlevel
> 	session for them.

This issue is fixed in RedHat 6.1, where gdm (the xdm replacement) will run
the user's .xsession rather than gnome or kde.

--
Ari							there is no spoon
-------------------------------------------------------------------------
http://www.nebcorp.com/~regs/pgp for PGP public key
(4414633) -----------------------------------