From owner-freebsd-security Thu Dec 27 14:38: 8 2001 Delivered-To: freebsd-security@freebsd.org Received: from topperwein.dyndns.org (acs-24-154-28-168.zoominternet.net [24.154.28.168]) by hub.freebsd.org (Postfix) with ESMTP id 50A1A37B405 for ; Thu, 27 Dec 2001 14:37:59 -0800 (PST) Received: from topperwein (topperwein [192.168.168.10]) by topperwein.dyndns.org (8.11.6/8.11.6) with ESMTP id fBRMbxG01648 for ; Thu, 27 Dec 2001 17:38:00 -0500 (EST) (envelope-from behanna@zbzoom.net) Date: Thu, 27 Dec 2001 17:37:54 -0500 (EST) From: Chris BeHanna Reply-To: Chris BeHanna To: Subject: Re: kdm grants ordinary users root access on 4.4-R In-Reply-To: <20011215132828.P59641-100000@cithaeron.argolis.org> Message-ID: <20011227173437.T93274-100000@topperwein.dyndns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 15 Dec 2001, Matt Piechota wrote: > On Sat, 15 Dec 2001, Raf Schietekat wrote: > > > [...kdm gave him a session as root instead of as himself...] > > [...snip...] > > While kcontrol *does* claim that the user is root, I don't seem to have > any rootly power to change things, such as the kdm properties. I thinking > kde2 is having problems with the freebsd passwd, although I don't know > why. I also haven't figured out why kde won't accept my password to > unlock the screen saver, of the root password so I *can* modify the kdm > settings as myself. I've been meaning to peek at the code to see why > those two bit don't work. kpasswd needs to be setuid root. There was a window during which it wasn't, and you installed KDE during that window. > As for the lack of response, I suppose that if I were very security > conscious, I wouldn't be running kde (or probably X) in the first place. > There probably aren't too many people on the list that are running kde. :) I imagine almost everyone on the list is running X on their desktops, and that a sizable percentage are running KDE. They also likely (like me) have their firewalls configured to prevent packets on ports 6000-6063 from getting out on the external interface (otherwise every single XEvent--including every single keystroke--can be sniffed). Regards, -- Chris BeHanna Software Engineer (Remove "bogus" before responding.) behanna@bogus.zbzoom.net I was raised by a pack of wild corn dogs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message