denied avcs for kde again :(
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 17 13:34:13 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kevin Kofler wrote:
> Daniel J Walsh wrote:
>> I have also seen similar with it trying to create the directory in
>> /root. Which is also somewhat bad. I do not want to give login
>> programs the ability to write to these directories, because attackers
>> without passwords can get the login programs to execute large amounts of
>> codes without ever identifying themselves. gdm is setup with a homedir
>> of /var/lib/gdm, which allows us to confine the gdm login program.
>>
>> Kde login needs something similar, I believe there is a bug on this,
>> but it would not hurt to open another.
>
> KDM runs as root, so of course its homedir is /root. KDM does not support
> running as anything other than root (just like XDM and pretty much any
> display manager other than the latest GDM).
>
> Kevin Kofler
>
Its homedir is not currently /root it is /. That is what the AVC's are
indicating.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkmavNUACgkQrlYvE4MpobNtFQCffL+nby+dxcvRxeO+Vwtd3TKM
zRoAn1DJ4/7ilc25OBsZ+bDv43G8uR4H
=HT6G
-----END PGP SIGNATURE-----
More information about the fedora-test-list
mailing list