Secure testing team - Apr 2010 - Bug#578928: gdm3: gives shell-access as user Debian-gdm to everyone

Package: gdm3
Version: 2.30.0-2
Severity: grave
Tags: security
Justification: user security hole

If I enable the screen-reader in the login manager, a gnome-terminal window is
opened. There everyone can get shell access as user Debian-gdm by creating a
new profile.

The following processes are running:

gnome-terminal -x /usr/bin/orca --no-setup --disable main-window --disable
magnifier --enable speech
/usr/bin/python -c import orca.orca; orca.orca.main() --no-setup --disable
main-window --disable magnifier --enable speech

After enabling and disabling the screen reader several times,
the gnome-terminal window disappears immediately each time. Only the python
process keeps running. This behaviour continues until gdm3 is restarted.


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages gdm3 depends on:
ii  adduser                 3.112            add and remove users and groups
ii  debconf [debconf-2.0]   1.5.32           Debian configuration management sy
ii  gconf2                  2.28.1-3         GNOME configuration database syste
ii  gnome-session [x-sessio 2.30.0-1         The GNOME Session Manager - GNOME 
ii  gnome-session-bin       2.30.0-1         The GNOME Session Manager - Minima
ii  gnome-terminal [x-termi 2.30.0-1         The GNOME terminal emulator applic
ii  kde-window-manager [x-w 4:4.3.4-5+b1     the KDE 4 window manager (KWin)
ii  konsole [x-terminal-emu 4:4.3.4-1        X terminal emulator for KDE 4
ii  libart-2.0-2            2.3.20-2         Library of functions for 2D graphi
ii  libatk1.0-0             1.30.0-1         The ATK accessibility toolkit
ii  libattr1                1:2.4.44-1       Extended attribute shared library
ii  libaudit0               1.7.13-1+b1      Dynamic library for security audit
ii  libbonobo2-0            2.24.3-1         Bonobo CORBA interfaces library
ii  libbonoboui2-0          2.24.3-1         The Bonobo UI library
ii  libc6                   2.10.2-6         Embedded GNU C Library: Shared lib
ii  libcairo2               1.8.10-4         The Cairo 2D vector graphics libra
ii  libcanberra-gtk0        0.22-1           Gtk+ helper for playing widget eve
ii  libcanberra0            0.22-1           a simple abstract interface for pl
ii  libdbus-1-3             1.2.24-1         simple interprocess messaging syst
ii  libdbus-glib-1-2        0.86-1           simple interprocess messaging syst
ii  libdevkit-power-gobject 1:0.9.2-1        abstraction for power management -
ii  libfontconfig1          2.8.0-2          generic font configuration library
ii  libfreetype6            2.3.11-1         FreeType 2 font engine, shared lib
ii  libgconf2-4             2.28.1-3         GNOME configuration database syste
ii  libglib2.0-0            2.24.0-1         The GLib library of C routines
ii  libgnome2-0             2.30.0-1         The GNOME library - runtime files
ii  libgnomecanvas2-0       2.30.1-1         A powerful object-oriented display
ii  libgtk2.0-0             2.20.0-3         The GTK+ graphical user interface 
ii  liborbit2               1:2.14.18-0.1    libraries for ORBit2 - a CORBA ORB
ii  libpam-modules          1.1.1-2          Pluggable Authentication Modules f
ii  libpam-runtime          1.1.1-2          Runtime support for the PAM librar
ii  libpam0g                1.1.1-2          Pluggable Authentication Modules l
ii  libpanel-applet2-0      2.28.0-3         library for GNOME Panel applets
ii  libpango1.0-0           1.28.0-1         Layout and rendering of internatio
ii  libpolkit-gobject-1-0   0.96-2           PolicyKit Authorization API
ii  libpolkit-gtk-1-0       0.96-2           PolicyKit GTK+ API
ii  libpopt0                1.15-1           lib for parsing cmdline parameters
ii  librsvg2-common         2.26.2-1         SAX-based renderer library for SVG
ii  libselinux1             2.0.94-1         SELinux runtime shared libraries
ii  libwrap0                7.6.q-18         Wietse Venema''s TCP
wrappers libra
ii  libx11-6                2:1.3.3-3        X11 client-side library
ii  libxau6                 1:1.0.5-2        X11 authorisation library
ii  libxdmcp6               1:1.0.3-2        X11 Display Manager Control Protoc
ii  libxklavier16           5.0-2            X Keyboard Extension high-level AP
ii  libxml2                 2.7.7.dfsg-2     GNOME XML library
ii  lsb-base                3.2-23.1         Linux Standard Base 3.2 init scrip
ii  metacity [x-window-mana 1:2.30.1-1       lightweight GTK+ window manager
ii  policykit-1-gnome       0.96-2           GNOME authentication agent for Pol
ii  upower                  0.9.2-1          abstraction for power management
ii  xfwm4 [x-window-manager 4.6.1-1          window manager of the Xfce project
ii  xterm [x-terminal-emula 256-1            X terminal emulator
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

Versions of packages gdm3 recommends:
ii  at-spi                     1.30.0-2      Assistive Technology Service Provi
ii  gnome-icon-theme           2.30.1-1      GNOME Desktop icon theme
ii  gnome-power-manager        2.30.0-1      power management tool for the GNOM
ii  gnome-settings-daemon      2.28.1-3      daemon handling the GNOME session 
ii  xnest                      2:1.7.6.901-3 Nested X server
ii  xserver-xephyr             2:1.7.6.901-3 nested X server
ii  xserver-xorg               1:7.5+5       the X.Org X server
ii  zenity                     2.30.0-1      Display graphical dialog boxes fro

Versions of packages gdm3 suggests:
ii  gnome-mag                     1:0.15.9-1 a screen magnifier for the GNOME d
ii  gnome-orca                    2.30.0-1   Scriptable screen reader
ii  libpam-gnome-keyring          2.30.0-2   PAM module to unlock the GNOME key