desktop-packages team mailing list archive

[Bug 883865] Re: lightdm doesn't drop privileges when reading ~/.dmrc

 

This bug was fixed in the package lightdm - 1.0.6-0ubuntu3

---------------
lightdm (1.0.6-0ubuntu3) precise; urgency=low

  * SECURITY UPDATE: file contents disclosure via hard link
    - debian/patches/04_CVE-2011-4105.patch: make sure file isn't a symlink
      or a hard link before doing the chown on it.
    - CVE-2011-4105
  * SECURITY UPDATE: file contents disclosure via links (LP: #883865)
    - debian/patches/05_CVE-2011-3153.patch: drop privileges before
      accessing file.
    - CVE-2011-3153
 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>   Tue, 15 Nov 2011 14:23:53 -0500

** Branch linked: lp:~ubuntu-desktop/lightdm/ubuntu

** Changed in: lightdm (Ubuntu Precise)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/883865

Title:
  lightdm doesn't drop privileges when reading ~/.dmrc

Status in “lightdm” package in Ubuntu:
  Fix Released
Status in “lightdm” source package in Oneiric:
  Fix Released
Status in “lightdm” source package in Precise:
  Fix Released

Bug description:
  LightDM doesn't drop privileges when reading the ~/.dmrc file. This
  allows a local user to read configuration files he would normally not
  have read permissions for, for example, mysql configuration files that
  contain passwords.

  How to reproduce:
  1- Create a /etc/app.conf file owned by root with 600 permissions, containing the following:
  [App]
  password=xyz
  2- Log in as a regular user
  3- rm ~/.dmrc
  4- ln -s /etc/app.conf ~/.dmrc
  5- Log out, log back in
  6- look at ~/.dmrc

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/883865/+subscriptions
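
The changelog above names two defences: refusing symlinks and hard links, and dropping privileges before touching a file in the user's home. The following C helper combines them. It is an added illustration, not the content of 04_CVE-2011-4105.patch or 05_CVE-2011-3153.patch and not lightdm code; `open_as_user`, its error codes, and the use of `setgroups(1, &gid)` in place of a full `initgroups()` lookup are assumptions made here.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <limits.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` read-only with the identity (uid, gid)
 * rather than the daemon's own. Returns a descriptor, or -1 with errno set. */
int open_as_user(const char *path, uid_t uid, gid_t gid)
{
    static gid_t saved_groups[NGROUPS_MAX + 1];   /* not reentrant */
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    int ngroups = getgroups(NGROUPS_MAX + 1, saved_groups);
    /* Supplementary groups only need replacing when leaving root. */
    int from_root = (saved_uid == 0 && uid != 0);
    int fd = -1, err = 0;
    struct stat st;

    if (ngroups < 0 || (from_root && setgroups(1, &gid) != 0))
        return -1;                                /* nothing else changed yet */
    /* Order matters: the gid can only change while euid is still privileged. */
    if (setegid(gid) != 0 || seteuid(uid) != 0) {
        err = errno;
    } else if ((fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC)) < 0 ||
               fstat(fd, &st) != 0) {
        err = errno;            /* symlink, or unreadable as this user */
    } else if (!S_ISREG(st.st_mode)) {
        err = EINVAL;           /* FIFO, device, directory */
    } else if (st.st_nlink != 1) {
        err = EMLINK;           /* extra hard links: refuse */
    }

    /* Regain the original identity in reverse order; never run half-dropped. */
    if (seteuid(saved_uid) != 0 || setegid(saved_gid) != 0 ||
        (from_root && setgroups((size_t)ngroups, saved_groups) != 0))
        abort();
    if (err) {
        if (fd >= 0)
            close(fd);
        errno = err;
        return -1;
    }
    return fd;
}
```

The checks run on the opened descriptor with `fstat()`, so the file cannot be swapped between the check and the read. Effective IDs are process-wide, so this pattern suits a single-threaded caller or a forked child.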