in lubnutu the input method for all users can be changed from the guest session.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
language-selector (Ubuntu) |
Expired
|
Undecided
|
Unassigned |
Bug Description
To reproduce on lubuntu with both ibus and fcitx installed log into the guest session after an install on lubuntu 15.10 in the menu open language selector and change the input method from either ibus to fcitx or fcitx to ibus and then click onto apply system wide and the regular user will have their input method changed after logging out of the guest session and logging in as a regular user. Description: Ubuntu Wily Werewolf (development branch)
Release: 15.10
fcitx:
Installed: 1:4.2.9-1
Candidate: 1:4.2.9-1
Version table:
*** 1:4.2.9-1 0
500 http://
100 /var/lib/
ibus:
Installed: 1.5.10-1ubuntu1
Candidate: 1.5.10-1ubuntu1
Version table:
*** 1.5.10-1ubuntu1 0
500 http://
100 /var/lib/
language-
Installed: 0.147
Candidate: 0.147
Version table:
*** 0.147 0
500 http://
100 /var/lib/
Description: Ubuntu Wily Werewolf (development branch)
Release: 15.10
I expected a need to authenticate to change system wide settings Instead I could change all users installed input methods witout a password. Not really sure this is a secruity vulnerability. I have not yet tried with flavors other than lubuntu.
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: language-
ProcVersionSign
Uname: Linux 4.1.0-3-generic i686
ApportVersion: 2.18-0ubuntu7
Architecture: i386
CurrentDesktop: LXDE
Date: Wed Aug 19 14:30:00 2015
ExecutablePath: /usr/bin/
InstallationDate: Installed on 2015-08-19 (0 days ago)
InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Alpha i386 (20150819)
InterpreterPath: /usr/bin/python3.4
PackageArchitec
SourcePackage: language-selector
UpgradeStatus: No upgrade log present (probably fresh install)
This bug has been reported on the Ubuntu ISO testing tracker.
A list of all reports related to this bug can be found here: iso.qa. ubuntu. com/qatracker/ reports/ bugs/1486751
http://