Commit 1784ee6e authored by Björn Esser's avatar Björn Esser
Browse files

Disable guest login as system default preset (CVE-2017-8900)

parent 47dc164b
# Disable guest sessions due to them not being confined in systemd
# CVE-2017-8900
# https://bugs.launchpad.net/bugs/1663157
[Seat:*]
allow-guest=false
......@@ -5,7 +5,7 @@
Name: lightdm
Summary: A cross-desktop Display Manager
Version: 1.18.3
Release: 4%{?dist}
Release: 5%{?dist}
# library/bindings are LGPLv2 or LGPLv3, the rest GPLv3+
License: (LGPLv2 or LGPLv3) and GPLv3+
......@@ -26,6 +26,7 @@ Source11: 50-minimum-vt.conf
Source12: 50-session-wrapper.conf
Source13: 50-user-authority-in-system-dir.conf
Source14: 50-xserver-command.conf
Source15: 50-disable-guest.conf
## Downstream patches:
# hack in support for --nodaemon option
......@@ -200,7 +201,7 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/lightdm-data/
install -m644 -p -D %{SOURCE4} %{buildroot}%{_unitdir}/lightdm.service
install -m644 -p -D %{SOURCE5} %{buildroot}%{_sysconfdir}/logrotate.d/lightdm
install -m644 -p -D %{SOURCE6} %{buildroot}%{_datadir}/polkit-1/rules.d/lightdm.rules
install -m644 -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} \
install -m644 -p %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} \
%{buildroot}%{_datadir}/lightdm/lightdm.conf.d/
%check
......@@ -302,6 +303,9 @@ exit 0
%changelog
* Tue Sep 05 2017 Björn Esser <besser82@fedoraproject.org> - 1.18.3-5
- Disable guest login as system default preset (CVE-2017-8900)
* Thu Aug 31 2017 Björn Esser <besser82@fedoraproject.org> - 1.18.3-4
- Start lightdm after dbus.service
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment