A user with a logon name longer than 8 characters gets logged into FreeBSD as "root" after successful authentication as themselves, when logging in through GDM.
This problem cannot be replicated in GDM on Linux, and appears to be related to the 8 character username limit in FreeBSD.
[root@freebsd81-64 /usr/home/LAMPI/localuser10]# su LAMPI\\localuser10
su: username too long
Any users coming from BeyondTrust PBIS or Likewise Open or NIS or LDAP who have usernames longer than 8 characters get blocked logging in via ssh or su, but when authenticating via GDM, they are dropped into the OS as "root" with $EUID=0 and $UID=0.
[root@freebsd81-64 /usr/home/LAMPI/localuser10]# id lampi\\localuser10
How-To-Repeat: Create a user in a shared authentication engine with length($user) > 8. Make sure that the user shows up in NSS via "id". Then log in via GDM as the user. Open a terminal and type "id" to see that the user is now "root".
Please make sure the problem is no longer present in the latest
version and help the user to deal with the update. In case the
problem still exists, I guess gdm should be marked broken for
Please try http://www.marcuscom.com/downloads/patch-daemon_gdm-session-worker.c
to see if that fixes this hole.
Any progress on testing this patch? I don't have a setup to test this
patch and I don't think Joe does either. I'd rather not commit an untested
I'm having a hard time getting my FreeBSD 8.2 build to stay stable long
enough to re-test (VMware may be the problem?)
From: Koop Mast [mailto:email@example.com]
Sent: Monday, September 12, 2011 2:06 PM
To: bug-followup@FreeBSD.org; firstname.lastname@example.org
Subject: Re: ports/159721: x11/gdm: Usernames that are too long get logged
onto GUI console as root
Any progress on testing this patch? I don't have a setup to test this patch
and I don't think Joe does either. I'd rather not commit an untested patch.
I believe this is fixed now.
marcus 2012-01-02 19:21:24 UTC
FreeBSD ports repository
Make sure to exit if there is a problem setting up the desktop session.
If not, the user would be dropped in as root.
Revision  Changes  Path
1.140     +1 -1    ports/x11/gdm/Makefile
1.6       +9 -8    ports/x11/gdm/files/patch-daemon_gdm-session-worker.c
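The rule stated in the commit message above (exit when session setup fails, otherwise the session keeps the worker's identity) is sketched here as an added example; it is not the GDM patch or any code from the port. The names session_setup, drop_ids, run_session and SETUP_FAILED are hypothetical, and the 8-character check is a constructed stand-in for the failure described in the report.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SETUP_FAILED 111 /* exit code chosen for this example */

/* Constructed stand-in for an OS call that rejects the login name. */
static int session_setup(const char *user) {
    return strlen(user) > 8 ? -1 : 0;
}

/* Set gid before uid, then confirm the ids really changed.
   A real session worker also calls initgroups() before setuid(). */
static int drop_ids(uid_t uid, gid_t gid) {
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Fork a child, prepare it for `user`, then run `cmd` as the session.
   fail_closed=0 models the "before" behaviour: a setup error is ignored,
   ids are never dropped, and the session starts with the worker's ids.
   Returns the child's exit code, or -1 on fork/wait failure. */
int run_session(const char *user, uid_t uid, gid_t gid,
                const char *cmd, int fail_closed) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int bad = session_setup(user) != 0 || drop_ids(uid, gid) != 0;
        if (bad && fail_closed)
            _exit(SETUP_FAILED); /* never reach exec after a setup error */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { /* constructed names; own ids so it runs unprivileged */
    int ok = run_session("joe", getuid(), getgid(), "exit 0", 1);
    int blocked = run_session("localuser10", getuid(), getgid(), "exit 0", 1);
    return (ok == 0 && blocked == SETUP_FAILED) ? 0 : 1;
}
```

With fail_closed set to 0 the same long name reaches the exec call, which is the condition the report describes when the parent process is root.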