gdm Create User
lkundrak at redhat.com
Sun Oct 7 12:26:51 UTC 2007
On Sat, 2007-10-06 at 18:18 -0400, Simo Sorce wrote:
> Leaking the information that a user exists or not is considered bad.
Though I do not think that gdm is the right place to create user
accounts, I disagree with this statement.
Knowing that an user exists or not is in principle about the same
dangerous as knowing whether a machine is up or not. Or should we
declare ping to be a security threat?
Lubomir Kundrak (Red Hat Security Response Team)
More information about the fedora-devel-list