Your message dated Sun, 09 Mar 2008 03:32:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#469462: fixed in ldm 2:0.1~bzr20080308-1
has caused the Debian Bug report #469462,
regarding X access wide open on LTSP clients
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
469462: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469462
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: ltsp
Version: 5.0.40~bzr20080214-1~40.etch.0
Severity: critical
X connections to :6 on LTSP clients are possible from any machine on the
network.
Some notes:
- LDM_DIRECTX = False or True does not change anything
- on the client, X is running with the '-auth /root/.Xauthority' flag.
However, /root is mounted ro by default. Adding it to copy_dirs in
/etc/default/ltsp-client-setup allows .Xauthority to be generated, but
X connections are still possible.
- using iptables rules, we could at least restrict access to the
terminal server
best,
-Christian
--
Dr. Christian Herzog e-mail: [EMAIL PROTECTED]
IT Systems Specialist voice: +41 44 633 3950
Department of Physics office: HPR E86.1
Swiss Federal Institute of Technology 8093 Zurich, Switzerland
--- End Message ---
--- Begin Message ---
Source: ldm
Source-Version: 2:0.1~bzr20080308-1
We believe that the bug you reported is fixed in the latest version of
ldm, which is due to be installed in the Debian FTP archive:
ldm_0.1~bzr20080308-1.diff.gz
to pool/main/l/ldm/ldm_0.1~bzr20080308-1.diff.gz
ldm_0.1~bzr20080308-1.dsc
to pool/main/l/ldm/ldm_0.1~bzr20080308-1.dsc
ldm_0.1~bzr20080308-1_i386.deb
to pool/main/l/ldm/ldm_0.1~bzr20080308-1_i386.deb
ldm_0.1~bzr20080308.orig.tar.gz
to pool/main/l/ldm/ldm_0.1~bzr20080308.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Vagrant Cascadian <[EMAIL PROTECTED]> (supplier of updated ldm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 8 Mar 2008 21:42:40 -0500
Source: ldm
Binary: ldm
Architecture: source i386
Version: 2:0.1~bzr20080308-1
Distribution: unstable
Urgency: high
Maintainer: LTSP Debian/Ubuntu Maintainers <[EMAIL PROTECTED]>
Changed-By: Vagrant Cascadian <[EMAIL PROTECTED]>
Description:
ldm - LTSP display manager
Closes: 469462
Changes:
ldm (2:0.1~bzr20080308-1) unstable; urgency=high
.
* urgency set to high, as it fixes an RC/security bug, and upstream updates
are minor.
.
* new upstream:
- move ldm screen.d script to /usr/share/ltsp/screen.d
+ keep symlink to old location
+ patch to work with either /usr/share or /usr/lib
- move ldm-script and rc.d scripts back to /usr/share/ldm
- change LDM_ALLOW_GUEST variable to LDM_GUESTLOGIN
.
* patch fixing X access security bug (Closes: #469462)
.
* debian/rules, debian/control:
- add support for and depend on dpatch
Files:
4894387b71a54f5f1287927c2aa6aa5d 883 misc extra ldm_0.1~bzr20080308-1.dsc
57051e91358671b79364ba2b1b169b54 444139 misc extra
ldm_0.1~bzr20080308.orig.tar.gz
ddedc4ac34b814c07168957eff037906 5682 misc extra ldm_0.1~bzr20080308-1.diff.gz
26a5c0ee1df43bdaa0cb6b1828d6e6e6 138604 misc extra
ldm_0.1~bzr20080308-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH01cOlPc63BPWGpkRAtLjAJwNrESOmq/+UgXNKmfkNhc4TW+PnACfWMeq
XqkwmwQWtZfBFvaX7lxrT3A=
=zCWM
-----END PGP SIGNATURE-----
--- End Message ---
