Ubuntu
language-selector package

in lubnutu the input method for all users can be changed from the guest session.

Bug #1486751 reported by Lyn Perrine
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
language-selector (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

To reproduce on lubuntu with both ibus and fcitx installed log into the guest session after an install on lubuntu 15.10 in the menu open language selector and change the input method from either ibus to fcitx or fcitx to ibus and then click onto apply system wide and the regular user will have their input method changed after logging out of the guest session and logging in as a regular user. Description: Ubuntu Wily Werewolf (development branch)
Release: 15.10

fcitx:
  Installed: 1:4.2.9-1
  Candidate: 1:4.2.9-1
  Version table:
 *** 1:4.2.9-1 0
        500 http://us.archive.ubuntu.com/ubuntu/ wily/main i386 Packages
        100 /var/lib/dpkg/status
ibus:
  Installed: 1.5.10-1ubuntu1
  Candidate: 1.5.10-1ubuntu1
  Version table:
 *** 1.5.10-1ubuntu1 0
        500 http://us.archive.ubuntu.com/ubuntu/ wily/main i386 Packages
        100 /var/lib/dpkg/status
language-selector-gnome:
 Installed: 0.147
  Candidate: 0.147
  Version table:
 *** 0.147 0
        500 http://us.archive.ubuntu.com/ubuntu/ wily/main i386 Packages
        100 /var/lib/dpkg/status
Description: Ubuntu Wily Werewolf (development branch)
Release: 15.10

I expected a need to authenticate to change system wide settings Instead I could change all users installed input methods witout a password. Not really sure this is a secruity vulnerability. I have not yet tried with flavors other than lubuntu.

ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: language-selector-gnome 0.147
ProcVersionSignature: Ubuntu 4.1.0-3.3-generic 4.1.3
Uname: Linux 4.1.0-3-generic i686
ApportVersion: 2.18-0ubuntu7
Architecture: i386
CurrentDesktop: LXDE
Date: Wed Aug 19 14:30:00 2015
ExecutablePath: /usr/bin/gnome-language-selector
InstallationDate: Installed on 2015-08-19 (0 days ago)
InstallationMedia: Lubuntu 15.10 "Wily Werewolf" - Alpha i386 (20150819)
InterpreterPath: /usr/bin/python3.4
PackageArchitecture: all
SourcePackage: language-selector
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Lyn Perrine (walterorlin) wrote :
Revision history for this message
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:
http://iso.qa.ubuntu.com/qatracker/reports/bugs/1486751

tags: added: iso-testing
Revision history for this message
Gunnar Hjalmarsson (gunnarhj) wrote :

Thanks for your report, Brendan. However, I'm pretty sure there is some kind of misconception involved - it simply does not work that way.

The input method selector in Language Support is a user specific setting only. Switching the value changes the file ~/.xinputrc. Also, when you are in a guest session, clicking "Apply System-Wide" is a no-op. A guest cannot change any settings system wide. (And when you click "Apply System-Wide" from a regular session, you are prompted for an admin password, and then you change the default display language settings system wide, not the input method.)

The default system wide input method in Wily is locale dependent. Possibly that has something to do with the observations you made. So, if you provide an even more detailed step-by-step description for reproducing the behavior, including what you did with respect to display language settings, we might be able to figure out the explanation and decide if something ought to be changed.

Changed in language-selector (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for language-selector (Ubuntu) because there has been no activity for 60 days.]

Changed in language-selector (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.