|Main Archive Page > Month Archives > oss-security archives|
Could we please get a CVE assigned to the following issue?:
Starting with ldm 2.2.x, upstream switched to using wwm as a minimal window manager.
It was discovered that wwm ships with keybindings that allow spawning an xterm.
As the ldm greeter runs as root, this allows for a passwordless root shell.