Daniel J Walsh wrote:
> I have also seen similar with it trying to create the directory in
> /root. Which is also somewhat bad. I do not want to give login
> programs the ability to write to these directories, because attackers
> without passwords can get the login programs to execute large amounts of
> codes without ever identifying themselves. gdm is setup with a homedir
> of /var/lib/gdm, which allows us to confine the gdm login program.
>
> Kde login needs something similar, I believe there is a bug on this,
> but it would not hurt to open another.
KDM runs as root, so of course its homedir is /root. KDM does not support
running as anything other than root (just like XDM and pretty much any
display manager other than the latest GDM).
Kevin Kofler
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
