Hello, guys, I have bad news.

We've found that if VNC or XDMCP access was enabled in lightdm, a remote unauthorized user could shut down or reboot the system. The issue was fixed in https://github.com/OpenIndiana/oi-userland/commit/97177ec9190d6e81c6bc6dd7ae8e2c3835044e8c (system/display-manager/[email protected]).

I have a suspicion that this issue can also appear in an SRSS environment. If someone who wants to run lightdm with SRSS can set up a test system and check it, we can get a working fix.

For now, the mentioned commit disables power actions for all non-local sessions. We detect non-local sessions as those which have an associated terminal (/dev/vt/*).

You can disable the power actions menu for all sessions by setting
indicators to something like ~spacer;~spacer;~host;~spacer;~session;~a11y;~clock
in /etc/lightdm/lightdm.conf.
The question I have is whether we should do it by default...
--
Best regards,
Alexander Pyhalov,
system administrator of Southern Federal University IT department
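
An added example, not part of the original message or of the oi-userland fix: a Python audit that reports whether a lightdm configuration enables XDMCP or VNC while the greeter can still offer the power menu. Assumptions: remote access is switched on with `enabled=true` under `[XDMCPServer]` or `[VNCServer]`, the power menu is the `~power` indicator, an unset `indicators` key leaves the menu shown, and both sample configurations are constructed.

```python
import configparser

# lightdm.conf sections that turn on remote greeter access
REMOTE_SECTIONS = ("XDMCPServer", "VNCServer")

# Constructed sample: XDMCP on, no indicators override
SAMPLE_EXPOSED = """
[Seat:*]
greeter-session=lightdm-gtk-greeter
[XDMCPServer]
enabled=true
[VNCServer]
enabled=false
"""

# Constructed sample: VNC on, indicators set as suggested in the message
SAMPLE_HARDENED = """
[VNCServer]
enabled = true
[greeter]
indicators=~spacer;~spacer;~host;~spacer;~session;~a11y;~clock
"""

def audit_lightdm(conf_text):
    """Return remote-access sections that are enabled and whether the
    power menu is still offered by the greeter."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(conf_text)
    remote = [s for s in REMOTE_SECTIONS
              if cp.get(s, "enabled", fallback="false").strip().lower() == "true"]
    # The message names the key but not its section, so search every section.
    indicators = None
    for section in cp.sections():
        if cp.has_option(section, "indicators"):
            indicators = cp.get(section, "indicators")
    if indicators is None:
        power_menu = True  # assumption: the default indicator set includes ~power
    else:
        power_menu = "~power" in [i.strip() for i in indicators.split(";")]
    return {"remote": remote, "power_menu": power_menu,
            "exposed": bool(remote) and power_menu}

if __name__ == "__main__":
    for name, text in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_lightdm(text))
```

A result of `exposed: True` only describes the configuration; whether power actions are actually reachable also depends on whether the package carries the fix from the commit above.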
