Bug#579033: gdm3: [patch] initialize ss_len before use
mariodebian
mariodebian at gmail.com
Thu Jun 3 13:02:33 UTC 2010
El jue, 03-06-2010 a las 14:15 +0200, Josselin Mouette escribió:
> Le jeudi 03 juin 2010 à 12:23 +0200, Mario Izquierdo (mariodebian) a
> écrit :
> > I'm working on this bug.
> >
> > Set "net.ipv6.bindv6only = 1", no changes is set to 0.
> >
> > Setting Debug/Enable=True I found that the call to XdmcpFill fails,
> > with this line in syslog:
> >
> > GdmXdmcpDisplayFactory: Could not create XDMCP buffer!
> >
> > With this patch:
> > http://tcosproject.org/cgit/gdm3.git/tree/debian/patches/95_xdmcp_fill_fix.patch
> >
> > XdmcpFill don't fail and remote session continue but all is IPV6:
>
> Sorry but your email is very confusing.
>
> What patch do you want us to apply? What does it fix exactly, and what does it not fix?
>
I have compared the code of XDM ,KDM with GDM.
In XDM and KDM ssl_len is set to sizeof socket_storage before calling
XdmcpFill()
XDM:
http://cgit.freedesktop.org/xorg/app/xdm/tree/xdmcp.c#n347
KDM:
http://websvn.kde.org/trunk/KDE/kdebase/workspace/kdm/backend/xdmcp.c?revision=1069071&view=markup
(line 1094)
My patch should move line 2887 to 2881 in this file:
http://tcosproject.org/cgit/gdm3.git/tree/daemon/gdm-xdmcp-display-factory.c#n2864
With the patch, XDMCP don't work yet, but logs says that WILLING is
trying to send to an ( malformed??? ) IPV6 address instead of fail with
bad XDMCP header.
> > In LAN networks XDMCP is very used and IPV6 must be optional, and
> > leave user to enable it, in config file not in a compile flag.
>
> No, we should just fix it so that it works, not put it under the carpet.
>
> In all cases I would highly recommend against XDMCP which is very
> unsecure, unless you have done everything needed on your network. GDM is
> able to start X sessions over SSH, which doesn’t have these problems.
>
> Cheers,
I know it...
I'm developing a thin client project like LTSP called TCOS [1] (I hope
to upload to Debian soon [2], need a sponsor) that use XDMCP (or SSH,
rDesktop, NX...).
My target users are school classrooms (TCOS is used in about 400 schools
in Madrid, Valencia (Spain) and 40-50 in Argentina, Brazil, and some
other counties)
The security in this environments is less important than speed, some of
our installations can display children games at 40/50 FPS in gigabit LAN
and with SSH this is not possible.
We use a lot of old hardware (like Pentium II-350 MHz, 64/128 MB RAM)
Greetings
[1] http://tcosproject.org/
[2] http://wiki.tcosproject.org/Tcos_Into_Debian
PD.- If you are interested, or know somebody that can sponsor some TCOS
uploads please tell me. I have uploaded 2 TCOS depends before:
http://qa.debian.org/developer.php?login=mariodebian@gmail.com
Thanks
--
http://mariodebian.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20100603/6357042b/attachment.pgp>
More information about the pkg-gnome-maintainers
mailing list