
Fwd: Problems with redhat 6 Xsession and pam.d/rlogin.



I saw this on bugtraq and thought it should also go here.

-------- Original Message --------
Subject: Problems with redhat 6 Xsession and pam.d/rlogin.
Date: Thu, 7 Oct 1999 19:56:46 +0100
From: David Malone <dwmalone@MATHS.TCD.IE>
Reply-To: David Malone <dwmalone@MATHS.TCD.IE>
To: BUGTRAQ@SECURITYFOCUS.COM

I've found two problems which seem to be present in RedHat 6.0 and
RedHat 6.1.
They're not earthshatteringly bad, but...

	1) Xsession on RedHat will start kde, gnome or anotherlevel
	rather than running a user's .xsession file, if you choose
	one of these from kdm. This is bad if you have accounts
	which have a special shell and xsession which are supposed
	to only allow one use of the account.

	Maybe it would be sensible to check a user has a shell listed
	in /etc/shells before starting a kde, gnome or anotherlevel
	session for them.

	2) pam.d/rlogin allows you to log in, even if /etc/nologin
	exists 'cos the line:

		auth       sufficient   /lib/security/pam_rhosts_auth.so
	
	is further up the file than:

		auth       required     /lib/security/pam_nologin.so

	Easy to fix.

David.
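
The ordering problem in point 2 can be checked mechanically. The following is an added example, not part of the original message: a small audit that flags any `sufficient` auth module placed above `pam_nologin.so` in a PAM service file. The sample file content is constructed from the two lines quoted above, the function names are hypothetical, and only the simple keyword control flags are handled (not the bracketed `[value=action]` form).

```python
import sys

# Constructed sample: only the two lines quoted in the message are known;
# the rest of a real /etc/pam.d/rlogin is not shown on the page.
SAMPLE_RLOGIN = """\
#%PAM-1.0
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_nologin.so
"""

# A successful "sufficient" module ends the auth stack immediately,
# so nothing listed below it is consulted.
SHORT_CIRCUIT = {"sufficient"}


def parse_auth_stack(text):
    """Return (lineno, control, module_basename) for every auth line."""
    stack = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        fields = line.split()
        if len(fields) < 3 or fields[0] != "auth":
            continue
        control, module = fields[1], fields[2]
        stack.append((lineno, control, module.rsplit("/", 1)[-1]))
    return stack


def nologin_bypasses(text):
    """List (lineno, module) of sufficient modules above pam_nologin.so."""
    stack = parse_auth_stack(text)
    nologin_at = next(
        (i for i, (_, _, mod) in enumerate(stack) if mod == "pam_nologin.so"),
        None,
    )
    if nologin_at is None:
        return []  # no pam_nologin line at all; out of scope for this check
    return [(ln, mod) for ln, ctl, mod in stack[:nologin_at]
            if ctl in SHORT_CIRCUIT]


if __name__ == "__main__":
    # Audit the files named on the command line, or the constructed sample.
    texts = {p: open(p).read() for p in sys.argv[1:]} or {"sample": SAMPLE_RLOGIN}
    for name, text in texts.items():
        for lineno, module in nologin_bypasses(text):
            print(f"{name}:{lineno}: {module} can succeed before pam_nologin.so runs")
```

Moving the `pam_nologin.so` line above every `sufficient` entry makes the check return an empty list.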


