51 lines
1.7 KiB
Diff
51 lines
1.7 KiB
Diff
From dd45295425c5a843c30aa8797b02d59ff488acb8 Mon Sep 17 00:00:00 2001
|
|
From: Iain Lane <iainl@gnome.org>
|
|
Date: Mon, 4 Feb 2019 15:12:38 +0000
|
|
Subject: [PATCH] GdmManager: Don't perform timed login if session gets started
|
|
|
|
At the moment it's possible for the login screen to initiate
|
|
a timed login operation shortly after a user successfully starts
|
|
their session.
|
|
|
|
GDM won't complete the timed login operation, since a session is
|
|
already running, but will erroneously overwrite the username
|
|
associated with the session, misattributing the users session
|
|
to the timed login user.
|
|
|
|
Later, attempts to log in as the timed user will instead unlock the
|
|
session for the other user, since that session is now associated
|
|
with the timed login user.
|
|
|
|
This commit refuses timed login requests on sessions that are
|
|
already running, so the username doesn't get corrupted.
|
|
|
|
CVE-2019-3825
|
|
|
|
Closes https://gitlab.gnome.org/GNOME/gdm/issues/460
|
|
---
|
|
daemon/gdm-manager.c | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/daemon/gdm-manager.c b/daemon/gdm-manager.c
|
|
index 1e5719558..b8619fbba 100644
|
|
--- a/daemon/gdm-manager.c
|
|
+++ b/daemon/gdm-manager.c
|
|
@@ -1947,6 +1947,14 @@ on_session_client_connected (GdmSession *session,
|
|
|
|
g_debug ("GdmManager: client with pid %d connected", (int) pid_of_client);
|
|
|
|
+ if (gdm_session_is_running (session)) {
|
|
+ const char *session_username;
|
|
+ session_username = gdm_session_get_username (session);
|
|
+ g_debug ("GdmManager: ignoring connection, since session already running (for user %s)",
|
|
+ session_username);
|
|
+ return;
|
|
+ }
|
|
+
|
|
display = get_display_for_user_session (session);
|
|
|
|
if (display == NULL) {
|
|
--
|
|
GitLab
|
|
|