Guest session clean up can remove other user's files
Bug #953044 reported by Martin Pitt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Light Display Manager | Invalid | Undecided | Unassigned | |
gdm-guest-session (Ubuntu) | Invalid | Undecided | Unassigned | |
Lucid | Fix Released | Undecided | Marc Deslauriers | |
Maverick | Fix Released | Undecided | Marc Deslauriers | |
Natty | Fix Released | Undecided | Marc Deslauriers | |
Oneiric | Won't Fix | Undecided | Unassigned | |
lightdm (Ubuntu) | Fix Released | High | Martin Pitt | |
Oneiric | Fix Released | Undecided | Marc Deslauriers | |
Precise | Fix Released | High | Martin Pitt | |
Bug Description
/usr/sbin/
```
# remove leftovers in /tmp
find /tmp -mindepth 1 -maxdepth 1 -uid "$UID" | xargs rm -rf || true
```
This runs with the cwd of the last logged in user. If the user creates a file "/tmp/x a", the file "a" gets removed from the last user's login.
Thanks to Ryan Lortie for discovering this!
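The behaviour described in the report, reproduced in a throwaway sandbox next to a cleanup that does not word-split. This is an added example, not code from lightdm or gdm-guest-session and not the shipped fix; the sandbox layout, the function names, and the use of `$(id -u)` in place of `$UID` are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed sandbox: $sb/tmp stands in for /tmp and $sb/home for the
# directory the cleanup inherits as its cwd. Nothing outside $sb is touched.
setup_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/tmp" "$sb/home"
    echo "previous user's data" > "$sb/home/a"   # file in the inherited cwd
    : > "$sb/tmp/x a"                            # guest leftover, name has a space
    echo "$sb"
}

# Pipeline as quoted in the report ($UID replaced by $(id -u) for plain sh).
# xargs splits ".../tmp/x a" on the space; the bare word "a" is then
# resolved by rm against the current directory.
cleanup_vulnerable() {
    ( cd "$1/home" &&
      find "$1/tmp" -mindepth 1 -maxdepth 1 -uid "$(id -u)" | xargs rm -rf || true )
}

# Hardened variant (assumption, not the shipped patch): find passes each
# path to rm as a single argument, so no word splitting takes place.
cleanup_hardened() {
    ( cd "$1/home" &&
      find "$1/tmp" -mindepth 1 -maxdepth 1 -uid "$(id -u)" -exec rm -rf -- {} + || true )
}

# Run one cleanup function in a fresh sandbox and report what happened.
demo() {
    sb=$(setup_sandbox) || return 1
    "$1" "$sb"
    if [ -e "$sb/home/a" ]; then victim=kept; else victim=deleted; fi
    if [ -e "$sb/tmp/x a" ]; then leftover=present; else leftover=removed; fi
    rm -rf "$sb"
    echo "victim=$victim leftover=$leftover"
}

demo cleanup_vulnerable   # victim=deleted leftover=present
demo cleanup_hardened     # victim=kept leftover=removed
```

The vulnerable pipeline also fails at its own job: the leftover with the space in its name survives, because neither of the two split words names it.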
Changed in lightdm:
assignee: nobody → Martin Pitt (pitti)
visibility: private → public
Changed in gdm-guest-session (Ubuntu Oneiric):
status: Confirmed → Won't Fix
Same bug in gdm-guest-session. This exists up to oneiric, although it won't work at all in oneiric (we forgot to remove it).