From owner-freebsd-security Thu Dec 13 18: 7:56 2001 Delivered-To: freebsd-security@freebsd.org Received: from durendal.skynet.be (durendal.skynet.be [195.238.3.128]) by hub.freebsd.org (Postfix) with ESMTP id 1728337B417 for ; Thu, 13 Dec 2001 18:07:52 -0800 (PST) Received: from skynet.be (dialup127.herentals.skynet.be [195.238.28.127]) by durendal.skynet.be (8.11.6/8.11.6/Skynet-OUT-2.16) with ESMTP id fBE27mS07547; Fri, 14 Dec 2001 03:07:48 +0100 (MET) (envelope-from ) Message-ID: <3C195EEC.9010208@skynet.be> Date: Fri, 14 Dec 2001 03:07:40 +0100 From: Raf Schietekat Reply-To: Raf_Schietekat@ieee.org User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2 X-Accept-Language: en-us MIME-Version: 1.0 To: FreeBSD-security@FreeBSD.org Subject: kdm grants ordinary users root access on 4.4-R Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear experts, When I do startx from a console, my KDE environment starts up as expected (I have "startkde" in both .xsession and .xinitrc). Since I succeeded in setting up kdm (which took some asking and guessing, because I didn't find much in the way of documentation), I have the following problem: >>>>> I wrote on FreeBSD-questions with subject "kdm op 4.4-R" No, hold the presses, now I've got another problem, which some system administrators may frown upon... ;-) When I log in into KDE as my ordinary-user(-though-member-of-wheel) identity, I get my session back as I left it, but when I start up a Konsole (I was going to give the su root kcontrol another try), I notice that I am... root! Right at the prompt greeting me when the window pops up, no su or anything! # whoami root # pwd /usr/home/rfschtkt # cd # pwd /usr/home/rfschtkt [How come cd doesn't take me to /root?] <<<<< (Note that the subject "kdm op 4.4-R" is from a lapse into Dutch, means "kdm on 4.4-R".) Configuration was pretty much as follows: >>>>> I wrote on FreeBSD-questions with subject "kdm op 4.4-R" desktop# ls /usr/local/share/config/kdm kdmrc desktop# cd /usr/local/share/config/kdm desktop# cp /usr/X11R6/lib/X11/xdm/Xservers Xservers desktop# kdm -nodaemon [aha, login window appears... but login fails, Ctrl-Alt-F1] [several error messages about Xaccess, Xsetup, Xstartup, Xreset, Ctrl-C] ^Cdesktop# cp /usr/X11R6/lib/X11/xdm/Xaccess Xaccess desktop# cp /usr/X11R6/lib/X11/xdm/Xsetup_0 Xsetup desktop# cp /usr/X11R6/lib/X11/xdm/Xsession Xstartup desktop# echo > Xreset [ee Xstartup to contain a line for KDE] desktop# kdm -nodaemon [can log in fine, Sound server error looks different than the message I normally get, but that's another issue] [when I log out, the screen is black with a % shell in the upper left hand corner, and xconsole in the lower right, I type exit, I get kdm, Ctrl-Alt-F1, Ctrl-C] ^Cdesktop# echo "/usr/local/bin/kdm/desktop" > Xsetup [now I have a background, although there are a few seconds of delay each time, I go out of X, ee /etc/ttys to enable kdm from there, kill -HUP 1, still works fine, but I still get the % shell where I have to type exit <<<<< If I then log out and remove kdm from /etc/ttys and try to log in normally again, I can't until I've removed some files that were written in my home directory with owner root, but then I'm back to normal (normal user in Konsole until I enable kdm again). Did I miss something in the setup? Is it a known problem? Raf Schietekat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message