~rhansen/lightdm/+git/main:lightdm-1-20

Last commit made on 2017-05-11
Get this branch:
git clone -b lightdm-1-20 https://git.launchpad.net/~rhansen/lightdm/+git/main

Branch information

Name: lightdm-1-20
Repository: lp:~rhansen/lightdm/+git/main

Recent commits

a02a9dc... by Robert Ancell

* SECURITY UPDATE: Guest session not confined (LP: #1663157)
  - debian/50-disable-guest.conf:
  - debian/lightdm.install:
    - Disable guest sessions by default, this can be overridden by custom
      configuration (e.g. /etc/lightdm/lightdm.conf)
  - CVE-2017-8900

c4d4963... by Robert Ancell

Update debian/changelog

e73f0ca... by Tyler Hicks

Detect existing malicious guest user home dirs

It was discovered that a local attacker could watch for lightdm's
guest-account script to create a /tmp/guest-XXXXXX file and then quickly
create the lowercase representation of the guest user's home directory
before lightdm could. This allowed the attacker to have control of the
guest user's home directory and, subsequently, gain control of an
arbitrary directory in the filesystem which could lead to privilege
escalation.

This patch fixes the issue by detecting failures in creating a directory
for the guest user's home directory. If the file (directory, symlink,
etc.) already exists at the path, mkdir will fail and the script will
exit. This means that it is still possible for a local user to carry out
a denial of service on the guest user login feature.
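
The check this commit message describes can be sketched as follows. This is an added example, not lightdm's guest-account script; the function names and the constructed paths are hypothetical. It contrasts `mkdir -p`, which accepts a path that already exists, with a plain `mkdir` whose failure is treated as fatal.

```shell
#!/bin/sh
# Added example; not code from lightdm. All names here are hypothetical.

# Unsafe pattern: "mkdir -p" returns success when the path already exists,
# so a directory or symlink created first by another local user is accepted.
create_home_unsafe() {
    mkdir -p "$1"
}

# Checked pattern: plain mkdir is atomic and fails with EEXIST if anything
# (file, directory, symlink) is already at the path. Treat that as fatal.
create_home_checked() {
    home=$1
    if ! (umask 077 && mkdir "$home") 2>/dev/null; then
        echo "refusing to use pre-existing path: $home" >&2
        return 1
    fi
    # Defence in depth: confirm the result is a real directory, not a symlink.
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        return 1
    fi
    return 0
}

# Constructed demo: a symlink is placed at the target path before creation.
# Prints the exit codes of: unsafe on planted path, checked on planted path,
# checked on a fresh path.
demo() {
    base=$(mktemp -d) || return 2
    mkdir "$base/elsewhere"
    ln -s "$base/elsewhere" "$base/guest-abc123"   # pre-existing entry (constructed)
    unsafe_rc=0;  create_home_unsafe  "$base/guest-abc123" || unsafe_rc=$?
    checked_rc=0; create_home_checked "$base/guest-abc123" || checked_rc=$?
    fresh_rc=0;   create_home_checked "$base/guest-fresh"  || fresh_rc=$?
    rm -rf "$base"
    echo "$unsafe_rc $checked_rc $fresh_rc"
}

demo
```

As the commit message notes, refusing a pre-existing path still lets a local user block guest logins; the check only prevents the script from continuing with a path it did not create.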

29ef819... by Robert Ancell

Fix logic that checked if a session was being stopped

8c2a58e... by Robert Ancell

Use power management functions from ConsoleKit2 if available.

Suspend and hibernate functionality was removed from upower 0.99.0, so systems
not using systemd had no suspend/hibernate functionality. Support for this
was added into ConsoleKit2.

Most systems will either be systemd or ConsoleKit2 now, so we try the following:
1. Power management in logind
2. Power management in ConsoleKit
3. upower for suspend/resume (really only here to not break backwards
   compatibility)

Based on a patch for Gentoo by Fitzcarraldo.

639396a... by Robert Ancell

Use liblightdm-gobject power methods instead of re-implementing in Qt, only run power fallback tests once

2a0aa8c... by Robert Ancell

Fix incorrect unref in XDMCP code

3ae054c... by Robert Ancell

Use SA_RESTART on signals so we don't get interrupted reads

2a4a24c... by Robert Ancell

Re-enable SIGPIPE for children so they have default behaviour

54c1140... by Robert Ancell

Re-enable SIGPIPE for children so they have default behaviour