Your message dated Thu, 15 Sep 2011 10:03:12 +0000
with message-id <e1r48mm-0004eo...@franck.debian.org>
and subject line Bug#639151: fixed in lightdm 0.9.6-1
has caused the Debian Bug report #639151,
regarding Local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
639151: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639151
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lightdm
Severity: grave
Tags: security

Sebastian Krahmer posted the following to oss-security:

---

From: Sebastian Krahmer <krah...@suse.de>
To: oss-secur...@lists.openwall.com
Cc: robert.anc...@canonical.com
Subject: [oss-security] lightdm issues

Hi,

lightdm (0.9.2), which aims to be an xdm replacement, seems to
fall into the same pitfalls as kdm and gdm did recently. There is
a lot of uid 0 code creating and chown()ing files in user dirs, such as
~/.dmrc and ~/.Xauthority. Probably more, depending on
how the permissions of cache and log directories are set up. For example,
process_start() also creates and chown()s logfiles on users' behalf.

There is also one thing that I don't understand about the lightdm
user itself, and why pam sessions seem to be started for it inside
the greeter session code.

The xdmcp code seems to be OK so far, after a quick review.

---

Cheers,
        Moritz

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
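The pattern Krahmer's report argues for, and that upstream 0.9.6 describes as "don't write user files as root", as an added example that is not lightdm's code: the uid 0 daemon forks, the child drops to the target user before touching anything under the home directory, opens with O_NOFOLLOW so a planted symlink is refused, and confirms with fstat() that it holds a regular file owned by that user. The names write_user_file, drop_to_user and run_demo are assumptions, not lightdm identifiers; the self-check runs as the current user in a constructed temp dir.

```c
#define _GNU_SOURCE /* setgroups() prototype in <grp.h> on glibc */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop to uid/gid for good; a no-op when already running as that user. */
static int drop_to_user(uid_t uid, gid_t gid) {
    if (getuid() == uid && getgid() == gid) return 0;
    if (setgroups(0, NULL) || setgid(gid) || setuid(uid)) return -1; /* needs uid 0 */
    return (getuid() == uid && geteuid() == uid) ? 0 : -1;
}

/* Write data to a file in the user's home as that user, never as root: 0 ok, -1 refused. */
int write_user_file(uid_t uid, gid_t gid, const char *path, const char *data) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                        /* child: the unprivileged writer */
        if (drop_to_user(uid, gid) != 0) _exit(1);
        /* O_NOFOLLOW: a symlink planted at path makes open() fail (ELOOP on Linux) */
        int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
        struct stat st;                    /* then confirm what was really opened */
        if (fd < 0 || fstat(fd, &st) || !S_ISREG(st.st_mode) || st.st_uid != uid)
            _exit(1);
        _exit(write(fd, data, strlen(data)) == (ssize_t)strlen(data) ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Self-check as the current user in a constructed temp dir: .dmrc written, symlink refused. */
int run_demo(void) {
    char dir[] = "/tmp/dmrcXXXXXX", f[64], l[64], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(f, sizeof f, "%s/.dmrc", dir);
    snprintf(l, sizeof l, "%s/.Xauthority", dir);
    int ok = write_user_file(getuid(), getgid(), f, "[Desktop]\n") == 0;
    FILE *fp = fopen(f, "r");
    if (fp) { ok = ok && fread(buf, 1, sizeof buf - 1, fp) == 10; fclose(fp); }
    ok = ok && strcmp(buf, "[Desktop]\n") == 0;
    ok = ok && symlink("elsewhere", l) == 0;   /* constructed dangling symlink */
    ok = ok && write_user_file(getuid(), getgid(), l, "x") != 0;
    unlink(f); unlink(l); rmdir(dir);
    return ok ? 0 : -1;
}
```

Because the write happens after the drop, a link the user planted can at most redirect a write the user could already perform; the O_NOFOLLOW and fstat() checks are a second layer for files the daemon must create before the session's own process exists.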
--- Begin Message ---
Source: lightdm
Source-Version: 0.9.6-1

We believe that the bug you reported is fixed in the latest version of
lightdm, which is due to be installed in the Debian FTP archive:

liblightdm-gobject-1-0_0.9.6-1_amd64.deb
  to main/l/lightdm/liblightdm-gobject-1-0_0.9.6-1_amd64.deb
liblightdm-gobject-dev_0.9.6-1_amd64.deb
  to main/l/lightdm/liblightdm-gobject-dev_0.9.6-1_amd64.deb
liblightdm-qt-1-0_0.9.6-1_amd64.deb
  to main/l/lightdm/liblightdm-qt-1-0_0.9.6-1_amd64.deb
liblightdm-qt-dev_0.9.6-1_amd64.deb
  to main/l/lightdm/liblightdm-qt-dev_0.9.6-1_amd64.deb
lightdm-gtk-greeter_0.9.6-1_amd64.deb
  to main/l/lightdm/lightdm-gtk-greeter_0.9.6-1_amd64.deb
lightdm-qt-greeter_0.9.6-1_amd64.deb
  to main/l/lightdm/lightdm-qt-greeter_0.9.6-1_amd64.deb
lightdm-vala_0.9.6-1_amd64.deb
  to main/l/lightdm/lightdm-vala_0.9.6-1_amd64.deb
lightdm_0.9.6-1.debian.tar.gz
  to main/l/lightdm/lightdm_0.9.6-1.debian.tar.gz
lightdm_0.9.6-1.dsc
  to main/l/lightdm/lightdm_0.9.6-1.dsc
lightdm_0.9.6-1_amd64.deb
  to main/l/lightdm/lightdm_0.9.6-1_amd64.deb
lightdm_0.9.6.orig.tar.gz
  to main/l/lightdm/lightdm_0.9.6.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 639...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yves-Alexis Perez <cor...@debian.org> (supplier of updated lightdm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 15 Sep 2011 11:36:21 +0200
Source: lightdm
Binary: lightdm lightdm-gtk-greeter lightdm-qt-greeter lightdm-vala liblightdm-gobject-1-0 liblightdm-qt-1-0 liblightdm-gobject-dev liblightdm-qt-dev
Architecture: source amd64
Version: 0.9.6-1
Distribution: unstable
Urgency: low
Maintainer: Debian Xfce Maintainers <pkg-xfce-de...@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <cor...@debian.org>
Description: 
 liblightdm-gobject-1-0 - simple display manager (gobject library)
 liblightdm-gobject-dev - simple display manager (gobject development files)
 liblightdm-qt-1-0 - simple display manager (Qt library)
 liblightdm-qt-dev - simple display manager (Qt development files)
 lightdm    - simple display manager
 lightdm-gtk-greeter - simple display manager (GTK+ greeter)
 lightdm-qt-greeter - simple display manager (Qt greeter)
 lightdm-vala - simple display manager (Vala files)
Closes: 639151
Changes: 
 lightdm (0.9.6-1) unstable; urgency=low
 .
   * New upstream release:
     - don't write user files as root to prevent symlinks attacks
       [CVE-2011-3349]                                           closes: #639151
   * debian/patches:
     - 01_set-default-path, 02_default-config, 03_quit-plymouth,
       04_default-gtk-greeter-config refreshed.
     - 05_always-export-XAUTHORITY dropped, included upstream.
     - 05_dont-add-pkglibexecdir-path added, don't add /usr/lib/lightdm/lightdm
       to the PATH, it's ugly.
   * debian/rules:
     - don't install gdmflexiserver script for now until the PATH issue is
       solved.
   * debian/lightdm.install
     - install lightdm-set-default and dm-tool there.
   * debian/lightdm-{gtk,qt}-greeter.{config,templates,postinst,prerm}:
     - provide a way to select the current greeter through debconf. Other
       packages providing a greeter use the same templates/config to register
       themselves in debconf.
   * debian/control:
     - add suggests on accountsservice.
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
