[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: denied avcs for kde again :(

From: Kevin Kofler <kevin kofler chello at>
To: fedora-selinux-list redhat com
Cc: fedora-test-list redhat com
Subject: Re: denied avcs for kde again :(
Date: Tue, 17 Feb 2009 08:45:34 +0100

Daniel J Walsh wrote:
> I have also seen similar with it trying to create the directory in
> /root.  Which is also somewhat bad.  I do not want to give login
> programs the ability to write to these directories, because attackers
> without passwords can get the login programs to execute large amounts of
> codes without ever identifying themselves.  gdm is setup with a homedir
> of /var/lib/gdm, which allows us to confine the gdm login program.
> 
> Kde login needs something similar,  I believe there is a bug on this,
> but it would not hurt to open another.

KDM runs as root, so of course its homedir is /root. KDM does not support
running as anything other than root (just like XDM and pretty much any
display manager other than the latest GDM).

        Kevin Kofler

Follow-Ups:
- Re: denied avcs for kde again :(
  - From: Daniel J Walsh

References:
- denied avcs for kde again :(
  - From: Antonio Olivares
- Re: denied avcs for kde again :(
  - From: Daniel J Walsh

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]