Someone confirm or deny that this bug exists. funkyHat claimed sie found a security hole in gdm; this bug is a sanity followup. Running CVS version of E17, possibly related? Steps of Replication: 1. Select GDM theme that uses a graphical chooser (Happy Gnome with Browser, Crop Circles, etc.) 2. Login to Gnome as a normal user 3. Open xnest 4. Click the configuration button. 5. Click any user in the chooser box (if using currently running, use "Log In Anyway" when prompted) 6. Type that user's password, and hit enter. The configuration panel should appear, with full control. # emerge -v --info Portage 2.0.54-r2 (default-linux/x86/2006.0, gcc-3.4.6, glibc-2.3.6-r3, 2.6.16-gentoo-r7 i686) ================================================================= System uname: 2.6.16-gentoo-r7 i686 AMD Athlon(tm) XP 2000+ Gentoo Base System version 1.6.14 dev-lang/python: 2.4.2 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/gcc-config: 1.3.13-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="" ANT_HOME="/usr/share/ant-core" ARCH="x86" AUTOCLEAN="yes" BASH_ENV="/etc/spork/is/not/valid/profile.env" CBUILD="i686-pc-linux-gnu" CFLAGS="-O3 -march=athlon-xp -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CLASSPATH="." CLEAN_DELAY="5" CONFIG_PROTECT="/etc /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CVS_RSH="ssh" CXXFLAGS="-O3 -march=athlon-xp -pipe -fomit-frame-pointer" DISPLAY=":0.0" DISTDIR="/usr/portage/distfiles" EDITOR="/usr/bin/vim" ELIBC="glibc" EMERGE_WARNING_DELAY="10" FEATURES="autoconfig distlocks sandbox sfperms strict" FETCHCOMMAND="/usr/bin/wget -t 5 --passive-ftp -P ${DISTDIR} ${URI}" GCC_SPECS="" GDK_USE_XFT="1" GENTOO_MIRRORS="http://www.mirrorservice.org/sites/www.ibiblio.org/gentoo/ ftp://mirrors.blueyonder.co.uk/mirrors/gentoo http://gentoo.mirror.solnet.ch/" G_BROKEN_FILENAMES="1" HOME="/root" HOSTNAME="mesh" INFOPATH="/usr/share/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.16.1/info:/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/info" JAVAC="/opt/blackdown-jdk-1.4.2.03/bin/javac" JAVA_HOME="/opt/blackdown-jdk-1.4.2.03" JDK_HOME="/opt/blackdown-jdk-1.4.2.03" KDEDIRS="/usr" KERNEL="linux" LANG="en_GB.UTF-8" LC_ALL="en_GB.UTF-8" LESS="-R -M --shift 5" LESSOPEN="|lesspipe.sh %s" LOGNAME="root" MAKEOPTS="-j2" MANPATH="/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.16.1/man:/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/man::/opt/blackdown-jdk-1.4.2.03/man:/usr/qt/3/doc/man:/opt/vmware/player/man" MOZILLA_FIVE_HOME="/usr/lib/mozilla" OPENGL_PROFILE="nvidia" PAGER="/usr/bin/less" PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/3.4.6:/opt/blackdown-jdk-1.4.2.03/bin:/opt/blackdown-jdk-1.4.2.03/jre/bin:/usr/kde/3.5/sbin:/usr/kde/3.5/bin:/usr/qt/3/bin:/usr/kde/3.4/sbin:/usr/kde/3.4/bin:/opt/vmware/player/bin" PKGDIR="/usr/portage/packages" PORTAGE_ARCHLIST="alpha amd64 arm hppa ia64 m68k mips ppc ppc64 ppc-macos s390 sh sparc x86 x86-fbsd" PORTAGE_BINHOST_CHUNKSIZE="3000" PORTAGE_CALLER="emerge" PORTAGE_GID="250" PORTAGE_MASTER_PID="23612" PORTAGE_NICENESS="15" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PRELINK_PATH="" PRELINK_PATH_MASK="/usr/lib/gstreamer-0.8:/lib/modules:/usr/lib/locale:/usr/lib/wine:/usr/lib/valgrind:*.la:*.png:*.py:*.pl:*.pm:*.sh:*.xml:*.xslt:*.a:*.js" PWD="/root" PYTHONPATH="/usr/lib/portage/pym" QMAKESPEC="linux-g++" QTDIR="/usr/qt/3" RESUMECOMMAND="/usr/bin/wget -c -t 5 --passive-ftp -P ${DISTDIR} ${URI}" RPMDIR="/usr/portage/rpm" RSYNC_RETRIES="3" RSYNC_TIMEOUT="180" SEARCH_DIRS_MASK="/opt/opera/lib/opera/plugins" SHELL="/bin/bash" SHLVL="1" SYNC="rsync://rsync.gentoo.org/gentoo-portage" TERM="xterm" USE="x86 3dnow 3dnowext X aac alsa apache2 apm audiofile avi berkdb bitmap-fonts bzip2 cdr cli crypt cups curl dri dts dvd eds emboss encode esd ethereal exif expat fam flac foomaticdb fortran gdbm gif glut gmp gnome gpm gstreamer gtk gtk2 gtkhtml hal idn imagemagick imlib ipv6 isdnlog jack java jpeg lame lcms libg++ libwww mad mikmod mmx mmxext mng motif mozilla mp3 mpeg msn ncurses nls nptl nsplugin nvidia ogg openal opengl oss pam pcre pdflib perl png pppd python quicktime readline reflection ruby sdl session speex spell spl ssd sse sse2 ssl symlink tcltk tcpd theora tiff truetype truetype-fonts type1-fonts udev usb vorbis win32codecs xine xml xml2 xmms xorg xv xvid zlib userland_GNU kernel_linux elibc_glibc" USER="root" USERLAND="GNU" USE_EXPAND="FRITZCAPI_CARDS FCDSL_CARDS VIDEO_CARDS DVB_CARDS LIRC_DEVICES INPUT_DEVICES LINGUAS USERLAND KERNEL ELIBC" XARGS="xargs -r" XAUTHORITY="/root/.xauthqMB8mc" XINITRC="/etc/X11/xinit/xinitrc" _="/usr/bin/emerge"
*** This bug has been marked as a duplicate of 135027 ***