malformed gconftool-2 command spawns countless windows
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gconf-editor (Ubuntu) |
Expired
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: gconf-editor
Ubuntu 10.10
gconf-editor: 2.32.0-0ubuntu1
i was in a terminal trying to figure out how to properly use gconftool-2 to hide the desktop's trash icon, when i accidentally stumbled on a potential security risk.
gconftool-2 --set /apps/nautilus/
running the above command will spawn "Starting File Manager..." windows indefinitely. the panel will be flooded with windows, the CPU will spike 100%, and rebooting/logging out has no effect; the windows will continue to spawn @ login time, even if in failsafe mode!
only after i was able to open gconf-editor, navigate to /apps/nautilus/
this is similar in behavior to malware on an unnamed operating system! think, if someone with malicious intent were to instruct a noob (such as myself) to run it, it could cause hardware damage from high CPU usage.
i hope this bug report has been thorough, and not overly dramatic :-) i will supply more info upon request.
| Marc Deslauriers (mdeslaur) wrote | #1 |
| security vulnerability: | yes → no |
| visibility: | private → public |
| Pedro Villavicencio (pedro) wrote | #2 |
| Changed in gconf-editor (Ubuntu): | |
| importance: | Undecided → Low |
| status: | New → Incomplete |
| Launchpad Janitor (janitor) wrote | #3 |
| Changed in gconf-editor (Ubuntu): | |
| status: | Incomplete → Expired |
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.