oss-sec mailing list archives
gdm PostLogin script executes scripts as user gdm
From: Thomas Biege <thomas () suse de>
Date: Tue, 22 Feb 2011 17:31:05 +0100
Hello oss-security,

should we consider this as a vulnerability?
https://bugzilla.gnome.org/show_bug.cgi?id=602403

cite:
------------------------------------------------------------------------------
ericlesoll [reporter] 2009-11-19 13:00:11 UTC

on Ubuntu Karmic Koala and Fedora 12

After a fresh install on some machines and update from Jaunty on another one,
we can't catch $USER $USERNAME $LOGNAME from /etc/gdm/PostLogin/Default, we get
"gdm" for all variables instead of real login name. It was working since 7.04
version.

If in a terminal we run : echo $USER, we get the real login name.

example below :
If I put those 3 lines in /etc/gdm/PostLogin/Default:

    echo $USER > /tmp/aaa.txt
    echo $USERNAME >> /tmp/aaa.txt
    echo $LOGNAME >> /tmp/aaa.txt

after every login I get this result:

    $ cat /tmp/aaa.txt
    gdm
    gdm
    gdm

I would expect to get my real login name in those 3 variables instead of "gdm",
which is of no use to take specific action based on which user is logging in.
This was working as expected with at least the 3 previous versions of Ubuntu.
------------------------------------------------------------------------------

Cheers,
Thomas

--
Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Whoever stops wanting to become better stops being good.
  -- Marie von Ebner-Eschenbach