gdm Create User

Lubomir Kundrak lkundrak at
Sun Oct 7 12:26:51 UTC 2007

On Sat, 2007-10-06 at 18:18 -0400, Simo Sorce wrote:
> Leaking the information that a user exists or not is considered bad.

Though I do not think that gdm is the right place to create user
accounts, I disagree with this statement.

Knowing that an user exists or not is in principle about the same
dangerous as knowing whether a machine is up or not. Or should we
declare ping to be a security threat?

Lubomir Kundrak (Red Hat Security Response Team)

More information about the fedora-devel-list mailing list