Bug#580629: gdm3 - allows unauthenticated users to change power configuration

2010-06-12 Thread Josselin Mouette
tag 580629 + pending thanks Le samedi 12 juin 2010 à 14:53 +0200, Bastian Blank a écrit : > There is a power settings applet in the lower right of the display, near > the shutdown button. Ah indeed, I hadn’t tested gdm3 on a laptop. This is fixed in the SVN. Thanks, -- .''`. Josselin Mou

Bug#580629: gdm3 - allows unauthenticated users to change power configuration

2010-06-12 Thread Bastian Blank
On Sat, Jun 12, 2010 at 02:14:03PM +0200, Josselin Mouette wrote: > Le samedi 12 juin 2010 à 13:20 +0200, Bastian Blank a écrit : > > On Sat, Jun 12, 2010 at 10:44:51AM +0200, Josselin Mouette wrote: > > > The power manager daemon is launched, but that doesn’t give you access > > > to the propertie

Bug#580629: gdm3 - allows unauthenticated users to change power configuration

2010-06-12 Thread Josselin Mouette
Le samedi 12 juin 2010 à 13:20 +0200, Bastian Blank a écrit : > On Sat, Jun 12, 2010 at 10:44:51AM +0200, Josselin Mouette wrote: > > The power manager daemon is launched, but that doesn’t give you access > > to the properties. > > Could you explain exactly how you would exploit that? > > Start a

Bug#580629: gdm3 - allows unauthenticated users to change power configuration

2010-06-12 Thread Bastian Blank
On Sat, Jun 12, 2010 at 10:44:51AM +0200, Josselin Mouette wrote: > The power manager daemon is launched, but that doesn’t give you access > to the properties. > Could you explain exactly how you would exploit that? Start a new greeter (available via several locations), modify the power management

Bug#580629: gdm3 - allows unauthenticated users to change power configuration

2010-06-12 Thread Josselin Mouette
Le vendredi 07 mai 2010 à 23:42 +0200, Bastian Blank a écrit : > On Fri, May 07, 2010 at 09:18:48PM +0200, Josselin Mouette wrote: > > Le vendredi 07 mai 2010 à 12:08 +0200, Bastian Blank a écrit : > > > gdm3 allows unauthenticated users to change the power configuration, > > > including automatic

Bug#580629: gdm3 - allows unauthenticated users to change power configuration

2010-05-07 Thread Bastian Blank
On Fri, May 07, 2010 at 09:18:48PM +0200, Josselin Mouette wrote: > Le vendredi 07 mai 2010 à 12:08 +0200, Bastian Blank a écrit : > > gdm3 allows unauthenticated users to change the power configuration, > > including automatic suspend. > > This is a DoS on any non-singleuser machine. > What do yo

Bug#580629: gdm3 - allows unauthenticated users to change power configuration

2010-05-07 Thread Josselin Mouette
Le vendredi 07 mai 2010 à 12:08 +0200, Bastian Blank a écrit : > Package: gdm3 > Version: 2.30.2-1 > Severity: important > > gdm3 allows unauthenticated users to change the power configuration, > including automatic suspend. > > This is a DoS on any non-singleuser machine. What do you mean by “

Bug#580629: gdm3 - allows unauthenticated users to change power configuration

2010-05-07 Thread Bastian Blank
Package: gdm3 Version: 2.30.2-1 Severity: important gdm3 allows unauthenticated users to change the power configuration, including automatic suspend. This is a DoS on any non-singleuser machine. Bastian -- Time is fluid ... like a river with currents, eddies, backwash. -- Spock