Re: kdm grants ordinary users root access on 4.4-R

From: Chris BeHanna (behanna@zbzoom.net)
Date: 12/27/01

• Next message: Chris BeHanna: "Re: Invalid self-signature (was: Re: FreeBSD Ports Security Advisory FreeBSD-SA-01:67.htdig)"
• Previous message: X Philius: "Re: Help with ipfw rules to allow DNS queries through"
• In reply to: Matt Piechota: "Re: kdm grants ordinary users root access on 4.4-R"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 27 Dec 2001 17:37:54 -0500 (EST)
From: Chris BeHanna <behanna@zbzoom.net>
To: <FreeBSD-Security@freebsd.org>

On Sat, 15 Dec 2001, Matt Piechota wrote:

> On Sat, 15 Dec 2001, Raf Schietekat wrote:
>
> > [...kdm gave him a session as root instead of as himself...]
>
> [...snip...]
>
> While kcontrol *does* claim that the user is root, I don't seem to have
> any rootly power to change things, such as the kdm properties. I thinking
> kde2 is having problems with the freebsd passwd, although I don't know
> why. I also haven't figured out why kde won't accept my password to
> unlock the screen saver, of the root password so I *can* modify the kdm
> settings as myself. I've been meaning to peek at the code to see why
> those two bit don't work.

    kpasswd needs to be setuid root. There was a window during which
it wasn't, and you installed KDE during that window.

> As for the lack of response, I suppose that if I were very security
> conscious, I wouldn't be running kde (or probably X) in the first place.
> There probably aren't too many people on the list that are running kde. :)

    I imagine almost everyone on the list is running X on their
desktops, and that a sizable percentage are running KDE. They also
likely (like me) have their firewalls configured to prevent packets on
ports 6000-6063 from getting out on the external interface (otherwise
every single XEvent--including every single keystroke--can be
sniffed).

Regards,

-- 
Chris BeHanna
Software Engineer                   (Remove "bogus" before responding.)
behanna@bogus.zbzoom.net
I was raised by a pack of wild corn dogs.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Chris BeHanna: "Re: Invalid self-signature (was: Re: FreeBSD Ports Security Advisory FreeBSD-SA-01:67.htdig)"
• Previous message: X Philius: "Re: Help with ipfw rules to allow DNS queries through"
• In reply to: Matt Piechota: "Re: kdm grants ordinary users root access on 4.4-R"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: kdm grants ordinary users root access on 4.4-R ... > user logs in, gets his home directory all right (hence the result of ... I have used kcontrol the last day or two, and I have no root owned files ... of the root password so I *can* modify the kdm ... There probably aren't too many people on the list that are running kde. ... (FreeBSD-Security) RE: /root file system full ... The real problem was running KDE while logged in as root, ... >> ports etc, when I should have been logging in as a user and doing an ... >> su to root to install. ... (freebsd-questions) Re: [kde] KDM doesnt want to start KDE ... running KDE via startx, but I can't start working using KDM. ... How much disk space do you have in your root partition? ... I was still able to login as root as 5% disk ... (KDE) Re: rh9 terminal not starting ... erm.. ... why are you running KDE as root?!! ... Can you run xterm from the run dialog in the main menu? ... (alt.os.linux.redhat)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint