[OpenIndiana-discuss] [SECURITY] Security issue in lightdm
Jim Klimov
jimklimov at cos.ru
Sat May 13 19:38:24 UTC 2017
On May 11, 2017 8:19:12 AM GMT+03:00, Nikola M <minikola at gmail.com> wrote:
>On 05/10/17 04:58 PM, Alexander Pyhalov wrote:
>> Hello, guys, I have bad news.
>>
>> We've found that if VNC or XDMCP access was enabled in lightdm,
>remote
>> unauthorized user could shutdown or reboot system. The issue was
>fixed
>> in
>>
>https://github.com/OpenIndiana/oi-userland/commit/97177ec9190d6e81c6bc6dd7ae8e2c3835044e8c
>> (system/display-manager/lightdm at 1.19.3-2017.0.0.3).
>>
>> I have a suspicion that this issue also can appear in SRSS
>> environment. If someone, who desires to run lightdm with SRSS, can
>> setup test system and check it, we can get a working fix.
>>
>> For now the mentioned commit disables power actions for all non-local
>> sessions. We detect non-local sessions as those, which have
>associated
>> terminal (/dev/vt/*).
>>
>> You can disable power actions menu for all sessions, setting
>> indicators to something like
>> ~spacer;~spacer;~host;~spacer;~session;~a11y;~clock
>> in /etc/lightdm/lightdm.conf.
>> The question I have is if we should do it by default...
>
>Congrats on the fix, It is great to disable it shutting down before log
>in with lightdm remote session , because anyone wanting to do that
>remotely, should log in first.
>
>I think that local and-non-local sessions have the same problem. There
>is no difference between someone unauthorized shutting down or
>restarting machine locally or remotely..
>https://www.illumos.org/issues/8167
>
>These are all indications that also 'Power' button should not be in
>lightdm login screen by default in the first place. It was strange to
>me
>how fast lightdm appeared there, and since I were not doing fresh
>install, but updating, I wasn't aware it is there by default.
>
>I like to put it there IF I set up my workstation laptop installation,
>but it should not be there by default in the first place. (First log
>in,
>identify and IF having rights, can do power actions on machine).
>
>I have a SunRay2 and could try setting up SRSS.
>
>
>_______________________________________________
>openindiana-discuss mailing list
>openindiana-discuss at openindiana.org
>https://openindiana.org/mailman/listinfo/openindiana-discuss
I am not sure it is always a problem locally, considering hardware security (e.g. a local user has access to power button or cord of a server/workstation, though not to that of a vandal-protected kiosk), and for some deployments it may be better to let trigger graceful shutdowns quickly than to suffer a full login. Better have this ability togglable though, to suit everyone.
FWIW, the Windows pre-login interface also has a button/menu to restart/shutdown/hibernate... the PC.
--
Typos courtesy of K-9 Mail on my Redmi Android
More information about the openindiana-discuss
mailing list