Lock screen no longer protects encrypted home because of switch user.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Linux Mint |
New
|
Undecided
|
Unassigned |
Bug Description
Hi I am running Linux Mint 14 cinnamon rc, 64 bit.
The "Switch User..." ability from the lock screen currently has a security vulnerability, allowing people without my password to access my otherwise encrypted home folder.
If I go away from the computer for a not very long time, I would normally lock the screen, or sleep it, which means to access my account you would need my password. However, a design flaw in the updated lock screen means that anyone else with an administrative account would be able to access my data from the lock screen on my account.
To reproduce it, set up an encrypted account and another administrative account. Log onto the encrypted account, then lock the screen and go away. The person with the other admin account then comes along, clicks on "Switch User...", and then logs onto their account. They can then run nemo as root, and can access all the otherwise encrypted files by only using their own password.
Whilst this vulnerability would apply to people with unencrypted accounts normally, people who have encrypted home folders do it sometimes because they want more protection than the permission system (as well as the issue of people booting from USBs etc.)
There are two potential solutions to this. A short term workaround would be that for accounts of people with encrypted home folders to not offer that option on the lock screen. A better solution, since this is a good feature, would be for, on the accounts of people with encrypted home folders, instead of simply switching the user, it would save the session in the home folder and log off, thus the files would be encrypted if another admin tried to access them, but the person with the encrypted account would not lose any work.
information type: | Private Security → Public Security |