
From 15a19ac7856c539aa9cfbf76997d18b0275aae35 Mon Sep 17 00:00:00 2001
From: Iain Lane <iainl@gnome.org>
Date: Mon, 4 Feb 2019 15:12:38 +0000
Subject: [PATCH 4/4] GdmManager: Don't perform timed login if session gets
 started
At the moment it's possible for the login screen to initiate
a timed login operation shortly after a user successfully starts
their session.
GDM won't complete the timed login operation, since a session is
already running, but will erroneously overwrite the username
associated with the session, misattributing the user's session
to the timed login user.
Later, attempts to log in as the timed user will instead unlock the
session for the other user, since that session is now associated
with the timed login user.
This commit refuses timed login requests on sessions that are
already running, so the username doesn't get corrupted.
CVE-2019-3825
Closes https://gitlab.gnome.org/GNOME/gdm/issues/460
---
 daemon/gdm-manager.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
index 0cc06a978..056560b20 100644
--- a/daemon/gdm-manager.c
+++ b/daemon/gdm-manager.c
@@ -2116,60 +2116,68 @@ on_session_client_ready_for_session_to_start (GdmSession      *session,
         } else {
                 g_debug ("GdmManager: Will start session when ready and told");
         }
 
         waiting_to_start_user_session = GPOINTER_TO_INT (g_object_get_data (G_OBJECT (session),
                                                                        "waiting-to-start"));
 
         g_object_set_data (G_OBJECT (session),
                            "start-when-ready",
                            GINT_TO_POINTER (client_is_ready));
 
         if (client_is_ready && waiting_to_start_user_session) {
                 start_user_session_if_ready (manager, session, service_name);
         }
 }
 
 static void
 on_session_client_connected (GdmSession      *session,
                              GCredentials    *credentials,
                              GPid             pid_of_client,
                              GdmManager      *manager)
 {
         GdmDisplay *display;
         char    *username;
         int      delay;
         gboolean enabled;
         gboolean allow_timed_login = FALSE;
 
         g_debug ("GdmManager: client with pid %d connected", (int) pid_of_client);
 
+        if (gdm_session_is_running (session)) {
+                const char *session_username;
+                session_username = gdm_session_get_username (session);
+                g_debug ("GdmManager: ignoring connection, since session already running (for user %s)",
+                         session_username);
+                return;
+        }
+
         display = get_display_for_user_session (session);
 
         if (display == NULL) {
                 return;
         }
 
         if (!display_is_on_seat0 (display)) {
                 return;
         }
 
 #ifdef WITH_PLYMOUTH
         if (manager->priv->plymouth_is_running) {
                 plymouth_quit_with_transition ();
                 manager->priv->plymouth_is_running = FALSE;
         }
 #endif
 
         g_object_get (G_OBJECT (display), "allow-timed-login", &allow_timed_login, NULL);
 
         if (!allow_timed_login) {
                 return;
         }
 
         enabled = get_timed_login_details (manager, &username, &delay);
 
         if (! enabled) {
                 return;
         }
 
         gdm_session_set_timed_login_details (session, username, delay);
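Review bot: The new guard at the top of on_session_client_connected checks gdm_session_is_running only at the moment the client connects, and nothing else in this hunk re-checks it before gdm_session_set_timed_login_details is reached, so a session that becomes running in between would presumably still get its timed-login details set; the intended invariant deserves a comment above the new block, e.g. `/* A client attaching to an already-running session must not be able to re-attribute it through timed login (CVE-2019-3825). */`. The early return also bypasses the display/seat0 checks and the WITH_PLYMOUTH shutdown below for such connections, which is likely fine if a running session implies plymouth was already quit, but that assumption is worth stating alongside the guard. Minor style: `const char *session_username = gdm_session_get_username (session);` folds the declaration and the assignment into one line. The body of on_session_client_connected continues past the end of the hunk.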
-- 
2.21.0