desktop-packages team mailing list archive

Thread
Date

[Bug 835996] Re: lightdm.log should not be user readable

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Martin Pitt <martin.pitt@xxxxxxxxxx>
Date: Thu, 15 Sep 2011 08:19:46 -0000
Reply-to: Bug 835996 <835996@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

lightdm (0.9.6-0ubuntu1) oneiric; urgency=low

  * New upstream release:
    - Only unlock displays if switched to from greeter
    - Make log file not system readable
    - Write ~/.Xauthority inside the session process so it cannot be hijacked
    - Set PAM_TTY and PAM_XDISPLAY when opening PAM session
    - Add VNC server support
    - Do not write ~/.dmrc and ~/.Xauthority as root. [CVE-2011-3349]
  * debian/patches/00upstream_unlock_fix.patch:
  * debian/patches/04_dont_write_files_as_root.patch:
    - Applied upstream


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3349

** Changed in: lightdm (Ubuntu Oneiric)
       Status: Fix Committed => Fix Released

** Changed in: lightdm
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/835996

Title:
  lightdm.log should not be user readable

Status in Light Display Manager:
  Fix Released
Status in “lightdm” package in Ubuntu:
  Fix Released
Status in “lightdm” source package in Oneiric:
  Fix Released

Bug description:
  lightdm seems to have created /var/log/lightdm/lightdm.log as :

  
  -rw-r--r--  1 root    root     5166 2011-08-28 12:26 lightdm.log

  I believe that should not be user readable, among other things in there we have
  debug including data lengths from the greeter, login users, then details about the users sesssion
  including the session cookie.

  Dave

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: lightdm 0.9.3-0ubuntu8
  ProcVersionSignature: Ubuntu 3.0.0-9.14-generic 3.0.3
  Uname: Linux 3.0.0-9-generic x86_64
  Architecture: amd64
  CheckboxSubmission: f2d10bd9f943a85b486a282e7840a570
  CheckboxSystem: 0531969bcfd4f03af7405c98dc94a948
  Date: Sun Aug 28 12:50:20 2011
  InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release amd64 (20091027)
  ProcEnviron:
   LANGUAGE=
   PATH=(custom, user)
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: lightdm
  UpgradeStatus: Upgraded to oneiric on 2011-07-31 (28 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/835996/+subscriptions