This bug was fixed in the package lightdm - 1.0.6-0ubuntu3

---------------
lightdm (1.0.6-0ubuntu3) precise; urgency=low

  * SECURITY UPDATE: file contents disclosure via hard link
    - debian/patches/04_CVE-2011-4105.patch: make sure file isn't a
      symlink or a hard link before doing the chown on it.
    - CVE-2011-4105
  * SECURITY UPDATE: file contents disclosure via links (LP: #883865)
    - debian/patches/05_CVE-2011-3153.patch: drop privileges before
      accessing file.
    - CVE-2011-3153
 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Tue, 15 Nov 2011 14:23:53 -0500

** Branch linked: lp:~ubuntu-desktop/lightdm/ubuntu

** Changed in: lightdm (Ubuntu Precise)
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/883865

Title:
  lightdm doesn't drop privileges when reading ~/.dmrc

Status in “lightdm” package in Ubuntu:
  Fix Released
Status in “lightdm” source package in Oneiric:
  Fix Released
Status in “lightdm” source package in Precise:
  Fix Released

Bug description:
  LightDM doesn't drop privileges when reading the ~/.dmrc file. This
  allows a local user to read configuration files he would normally not
  have read permissions for, for example, mysql configuration files that
  contain passwords.

  How to reproduce:

  1- Create a /etc/app.conf file owned by root with 600 permissions,
     containing the following:

     [App]
     password=xyz

  2- Log in as a regular user
  3- rm ~/.dmrc
  4- ln -s /etc/app.conf ~/.dmrc
  5- Log out, log back in
  6- look at ~/.dmrc
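
One way to implement the check named in the CVE-2011-4105 changelog entry (refuse a symlink or a hard link before the chown), as an added example that is not LightDM's code or the actual patch. The function name `chown_user_file` and the errno values it returns are assumptions, and Linux `open()` semantics are assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not LightDM code: hand a per-user file such as
 * ~/.dmrc to its owner without being redirected through a link.
 * Returns 0 on success, -1 with errno set (ELOOP, EMLINK, EINVAL, ...). */
int chown_user_file(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int rc = -1, saved;

    /* O_NOFOLLOW makes open() fail with ELOOP when the last path
     * component is a symlink; O_NONBLOCK avoids blocking on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* Inspect the descriptor, not the path, so the checks and the chown
     * act on the same inode even if the path is swapped afterwards. */
    if (fstat(fd, &st) != 0)
        goto out;
    if (!S_ISREG(st.st_mode)) { errno = EINVAL; goto out; }
    /* A second name for the inode means a hard link: refuse. */
    if (st.st_nlink != 1) { errno = EMLINK; goto out; }

    rc = fchown(fd, uid, gid);
out:
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    /* Assumption for the demo: chown to the caller's own uid/gid. */
    if (chown_user_file(argv[1], getuid(), getgid()) != 0) {
        perror(argv[1]);
        return 1;
    }
    return 0;
}
```

This covers only the link check; the CVE-2011-3153 entry's fix, dropping privileges before the file is accessed, is a separate control.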