denied avcs for kde again :(

Kevin Kofler kevin.kofler at chello.at
Tue Feb 17 07:45:34 UTC 2009


Daniel J Walsh wrote:
> I have also seen similar with it trying to create the directory in
> /root.  Which is also somewhat bad.  I do not want to give login
> programs the ability to write to these directories, because attackers
> without passwords can get the login programs to execute large amounts of
> code without ever identifying themselves.  gdm is set up with a homedir
> of /var/lib/gdm, which allows us to confine the gdm login program.
> 
> KDE login needs something similar. I believe there is a bug on this,
> but it would not hurt to open another.

KDM runs as root, so of course its homedir is /root. KDM does not support
running as anything other than root (just like XDM and pretty much any
display manager other than the latest GDM).

        Kevin Kofler



