[442] in linux-announce channel archive
Possible Security Hole in xdm
daemon@ATHENA.MIT.EDU (Lars Wirzenius)
Sun Apr 16 19:35:39 1995
Date: Sun, 16 Apr 1995 20:49:37 +0300
From: Lars Wirzenius <wirzeniu@cc.helsinki.fi>
To: linux-activists@niksula.hut.fi, linux-announce@vger.rutgers.edu
X-Mn-Key: announce
From: mdharm@hmc.edu (Matthew Dharm)
Newsgroups: comp.os.linux.announce
Subject: Possible Security Hole in xdm
Organization: Harvey Mudd College, Claremont CA
Keywords: xdm X Slackware
Approved: linux-announce@news.ornl.gov (Lars Wirzenius)
Followup-to: comp.os.linux.x
There is what might be considered a security hole in xdm. The default
Slackware configuration for xdm _does not_ check for the presence of
/etc/nologin. Below is a patch file I generated which will fix this.
The file to be patched is /usr/lib/X11/xdm/Xsession.
-- cut here --
--- /usr/lib/X11/xdm/Xsession Fri Oct 14 00:15:21 1994
+++ ./Xsession Sat Apr 8 21:04:13 1995
@@ -21,6 +21,13 @@
esac
esac
+# Check for /etc/nologin
+
+if [ -e /etc/nologin ]; then
+ xmessage -file /etc/nologin
+else
+# Do everything normally
+
# Since xdm doesn't run a bash -login shell (or any other login shell)
# then read the files that it would, to set up the user's environment
profile=/etc/profile
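Review bot: The `if [ -e /etc/nologin ]` test added at the top of this hunk applies to every account, root included, whereas login(1) still lets root in while /etc/nologin exists; with this check an administrator logging in through xdm is turned away along with everyone else. Consider skipping the check when the session belongs to uid 0. Two smaller points on the same lines: `-e` is not accepted by every sh `test`, so `-f` is the safer spelling if Xsession may be run by a plain Bourne shell, and the comment could say that the file's contents are shown with xmessage and the session then ends.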
@@ -61,4 +68,5 @@
fi
twm &
exec xterm -geometry 80x24+10+10 -ls
+fi
fi
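Review bot: The `fi` added after `exec xterm -geometry 80x24+10+10 -ls` closes the `if [ -e /etc/nologin ]` opened in the first hunk, more than forty lines earlier going by the hunk headers, so the nesting is easy to misread or to break in a later edit of Xsession. Ending the nologin branch with an `exit` right after `xmessage -file /etc/nologin` would leave the rest of the script at top level and make this hunk unnecessary; failing that, label it, for example `fi # end of /etc/nologin check`.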
-- cut here --
---
Matthew Dharm -- mdharm@hmc.edu
GM/S/CS/CM d? H++ s++:- g+ p?>1 au--- a18 w+++ v++(*) C++++ U>L++++ P+ L>++++
3- E++ N++ K- W++(---) M-- V-- po- Y+(++) t+++ 5+++ j+ R-- G'''' tv
b+>++ D++ B--- e+>++++(*) u---(+)(++)(**) h f+ r++ n--->+(!) !y**
--
Send submissions for comp.os.linux.announce to: linux-announce@news.ornl.gov
PLEASE remember Keywords: and a short description of the software.