xfs + gdm allow DoS of console

[mike () THEYTALK COM (Mike Leonhard)]

RedHat 6.2 further extends the xfs problem with its buggy gdm.  gdm apparently ignores the --nodaemon option specified 
to it in inittab.  If the X server fails to load for whatever reason, gdm will immediately reload it.  This causes the 
console to become unusable - caught in a loop with the screen flashing every 2 seconds as the X server tries to load.  
On a machine with no network login capability the only way out of this situation is to reboot the system by pressing 
CTRL-ALT-DEL on the keyboard.  If gdm would exit when the X server quits, then init would reload it in a safe manner - 
stopping for 5 min if gdm is reloaded, I believe it is, 10 times in one minute.

RedHat's updated gdm rpm as of last week did not resolve this issue.  I wonder if it was a good idea to move the 
'fixed' font into xfs.  I have had good experiences with xfstt, but I have always had my normal X fonts loaded directly 
from disk.

Mike_L
mike () theytalk com

----- Original Message ----- 
From: "Michal Zalewski" <lcamtuf () TPI PL>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Sunday, April 16, 2000 2:31 PM
Subject: xfs

Due to improper input validation (NULL pointer occours on strcpy()), any
user may crash X fontserver under RedHat 6.x, causing effective DoS for
whole X server :)
_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=