| author | Vagrant Cascadian <vagrant@debian.org> | 2019-12-29 14:33:05 -0800 |
|---|---|---|
| committer | Vagrant Cascadian <vagrant@debian.org> | 2019-12-29 14:33:05 -0800 |
| commit | c351ac69ef63ed6c84221cef73e409059661b8ba | |
| tree | adf3502452a11c0536ec020cd56e76f4c88156cb | |
| parent | cbe56509f1103a6851d3ee96c001cc0e3326ede3 | |

This patch fixes an issue leading to root access on ltsp fat client
systems when the user's shell is csh, tcsh, fish and probably any
shell not supporting Bourne shell syntax.

When running in an unsupported shell, the LDM_USERNAME variable may
end up being set to empty, resulting in a root login on ltsp fat
clients.

Mitigate this by skipping login when the LDM_USERNAME variable is
unset.

Thanks to Veeti Veteläinen for reporting the issue and Alkis
Georgopoulos for further help in debugging.

| -rw-r--r-- | rc.d/X95-run-x-session | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/rc.d/X95-run-x-session b/rc.d/X95-run-x-session index b11bbf2..f74da46 100644 --- a/rc.d/X95-run-x-session +++ b/rc.d/X95-run-x-session @@ -40,8 +40,12 @@ if ! boolean_is_true "$LDM_NOMAD"; then echo "CKCON_X11_DISPLAY_DEVICE DEFAULT=$CKCON_X11_DISPLAY_DEVICE" >> /etc/security/pam_env.conf fi - # The XDG_* variables are for logind support. - XDG_SEAT=${XDG_SEAT:-seat0} XDG_VTNR=${SCREEN_NUM#0} su - ${LDM_USERNAME} -c "$CLIENT_ENV $MY_LANG DISPLAY=$DISPLAY ICEAUTHORITY=$ICEAUTHORITY XAUTHORITY=$XAUTHORITY $LDM_XSESSION $LDM_SESSION" + # Skip if LDM_USERNAME is unset, mitigating root access: + # https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/1839431 + if [ -n "${LDM_USERNAME}" ]; then + # The XDG_* variables are for logind support. + XDG_SEAT=${XDG_SEAT:-seat0} XDG_VTNR=${SCREEN_NUM#0} su - "${LDM_USERNAME}" -c "$CLIENT_ENV $MY_LANG DISPLAY=$DISPLAY ICEAUTHORITY=$ICEAUTHORITY XAUTHORITY=$XAUTHORITY $LDM_XSESSION $LDM_SESSION" + fi # Unmount any removable devices mounted by the user for d in $(mount | awk '/uhelper=udisks/ {print $1}; /uhelper=devkit/ {print $1}'); do |
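
Review bot: the new `if [ -n "${LDM_USERNAME}" ]` guard has no `else` branch, so when the username is empty the X session is skipped without any message and the script continues straight to the removable-device unmount loop. Add an `else` that logs the skipped login (to stderr or syslog, for example) so an administrator can tell this case apart from a session that simply exited. The guard also tests only for an empty value: since the added comment frames it as mitigating root access, consider rejecting a value of `root` here as well, and follow up on the underlying cause, `LDM_USERNAME` ending up empty under non-Bourne shells, at the place where the variable is set rather than only at this call site. The switch from `su - ${LDM_USERNAME}` to the quoted `su - "${LDM_USERNAME}"` is worth keeping regardless, because the unquoted form lets an empty value vanish from the command line and leaves `su -` with no user argument.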
