• Iain Lane's avatar
    GdmManager: Don't perform timed login if session gets started · 92c2a577
    Iain Lane authored
    At the moment it's possible for the login screen to initiate
    a timed login operation shortly after a user successfully starts
    their session.
    
    GDM won't complete the timed login operation, since a session is
    already running, but will erroneously overwrite the username
    associated with the session, misattributing the users session
    to the timed login user.
    
    Later, attempts to log in as the timed user will instead unlock the
    session for the other user, since that session is now associated
    with the timed login user.
    
    This commit refuses timed login requests on sessions that are
    already running, so the username doesn't get corrupted.
    
    CVE-2019-3825
    
    Closes #460
    92c2a577
Name
Last commit
Last update
chooser Loading commit data...
common Loading commit data...
daemon Loading commit data...
data Loading commit data...
docs Loading commit data...
libgdm Loading commit data...
m4 Loading commit data...
pam-extensions Loading commit data...
pam_gdm Loading commit data...
po Loading commit data...
tests Loading commit data...
utils Loading commit data...
.gitignore Loading commit data...
.gitlab-ci.yml Loading commit data...
AUTHORS Loading commit data...
COPYING Loading commit data...
HACKING Loading commit data...
MAINTAINERS Loading commit data...
Makefile.am Loading commit data...
NEWS Loading commit data...
README.md Loading commit data...
acconfig.h Loading commit data...
acinclude.m4 Loading commit data...
autogen.sh Loading commit data...
configure.ac Loading commit data...
gdm.doap Loading commit data...