guest-session has read access to other users home directories
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gdm-guest-session (Ubuntu) | Fix Released | High | Martin Pitt | |
Karmic | Fix Released | High | Martin Pitt | |
Bug Description
Binary package hint: gdm-guest-session
I switched user to a guest session in Karmic (Gnome). In the guest session I had read access to files in my own home directory, for example using nautilus, which I would not expect from a guest session.
Testing in Jaunty showed access to home directories is blocked.
ProblemType: Bug
Architecture: amd64
Date: Mon Oct 12 19:28:24 2009
DistroRelease: Ubuntu 9.10
Package: gdm-guest-session 0.13
PackageArchitec
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: gdm-guest-session
Uname: Linux 2.6.31-13-generic x86_64
XsessionErrors:
(gnome-
(gnome-
(polkit-
(nautilus:2175): Eel-CRITICAL **: eel_preferences
(gnome-
visibility: private → public
Changed in gdm-guest-session (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Changed in gdm-guest-session (Ubuntu Karmic):
milestone: none → ubuntu-9.10
tags: added: regression-potential
Changed in gdm-guest-session (Ubuntu Karmic):
assignee: nobody → Martin Pitt (pitti)
apparmor_status in my main session with the guest session open:
albert@compal:~$ sudo apparmor_status
[sudo] password for albert:
apparmor module is loaded.
10 profiles are loaded.
10 profiles are in enforce mode.
/usr/lib/connman/scripts/dhclient-script
/usr/share/gdm/guest-session/Xsession
/usr/bin/evince-previewer
/usr/sbin/tcpdump
/usr/lib/cups/backend/cups-pdf
/usr/bin/evince-thumbnailer
/sbin/dhclient3
/usr/bin/evince
/usr/sbin/cupsd
/usr/lib/NetworkManager/nm-dhcp-client.action
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode :
/usr/sbin/cupsd (1633)
/sbin/dhclient3 (1404)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
If I do the same in Jaunty, I see 34 "/usr/share/gdm/guest-session/Xsession processes" in enforced mode.
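The comparison made by eye in the comment above, as an added example that is not part of the original bug report or of gdm-guest-session: it parses `apparmor_status` output in the format quoted above and reports whether the guest-session profile is loaded and whether any process is actually confined by it. The sample text is constructed (profile list shortened), and the function names `parse_status` and `guest_confinement` are hypothetical.

```python
import re

# Constructed sample in the format of the apparmor_status output quoted above
# (profile list shortened); an assumption of this example, not a real capture.
KARMIC_SAMPLE = """\
apparmor module is loaded.
3 profiles are loaded.
3 profiles are in enforce mode.
   /usr/share/gdm/guest-session/Xsession
   /sbin/dhclient3
   /usr/sbin/cupsd
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode :
   /usr/sbin/cupsd (1633)
   /sbin/dhclient3 (1404)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
"""

# Section headers that are followed by a list of profiles or processes.
SECTION = re.compile(r"^\d+ (profiles|processes) are (?:in (enforce|complain) mode|(unconfined))")
PROCESS = re.compile(r"^(\S.*?) \((\d+)\)$")

def parse_status(text):
    """Return (profiles, confined): profile -> mode, profile -> [pids]."""
    profiles, confined = {}, {}
    kind = mode = None
    for line in map(str.strip, text.splitlines()):
        m = SECTION.match(line)
        if m:
            kind, mode = m.group(1), m.group(2) or m.group(3)
        elif not line.startswith("/"):
            kind = None  # summary line such as "3 profiles are loaded."
        elif kind == "profiles":
            profiles[line] = mode
        elif kind == "processes" and mode != "unconfined":
            p = PROCESS.match(line)
            if p:
                confined.setdefault(p.group(1), []).append(int(p.group(2)))
    return profiles, confined

def guest_confinement(text, profile="/usr/share/gdm/guest-session/Xsession"):
    """Classify the guest-session profile: absent, loaded but unused, or confining."""
    profiles, confined = parse_status(text)
    if profile not in profiles:
        return "profile-not-loaded"
    pids = confined.get(profile, [])
    return f"confined:{len(pids)}" if pids else "loaded-but-no-confined-process"
```

The result is only meaningful while a guest session is open; with no guest session running, a loaded profile with no confined process is the normal state.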