[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: gdm Create User

From: Lubomir Kundrak <lkundrak redhat com>
To: Development discussions related to Fedora <fedora-devel-list redhat com>
Subject: Re: gdm Create User
Date: Sun, 07 Oct 2007 14:26:51 +0200

On Sat, 2007-10-06 at 18:18 -0400, Simo Sorce wrote:
> Leaking the information that a user exists or not is considered bad.

Though I do not think that gdm is the right place to create user
accounts, I disagree with this statement.

Knowing that an user exists or not is in principle about the same
dangerous as knowing whether a machine is up or not. Or should we
declare ping to be a security threat?

-- 
Lubomir Kundrak (Red Hat Security Response Team)

Follow-Ups:
- Re: gdm Create User
  - From: Matthew Miller
- Re: gdm Create User
  - From: Steve Grubb
- Re: gdm Create User
  - From: Simo Sorce

References:
- gdm Create User
  - From: Richi Plana
- Re: gdm Create User
  - From: Douglas McClendon
- Re: gdm Create User
  - From: Simo Sorce

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]