Guest session clean up can remove other user's files
Bug #953044 reported by Martin Pitt
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Light Display Manager | Invalid | Undecided | Unassigned | |
| gdm-guest-session (Ubuntu) | Invalid | Undecided | Unassigned | |
| Lucid | Fix Released | Undecided | Marc Deslauriers | |
| Maverick | Fix Released | Undecided | Marc Deslauriers | |
| Natty | Fix Released | Undecided | Marc Deslauriers | |
| Oneiric | Won't Fix | Undecided | Unassigned | |
| lightdm (Ubuntu) | Fix Released | High | Martin Pitt | |
| Oneiric | Fix Released | Undecided | Marc Deslauriers | |
| Precise | Fix Released | High | Martin Pitt | |
Bug Description
/usr/sbin/
# remove leftovers in /tmp
find /tmp -mindepth 1 -maxdepth 1 -uid "$UID" | xargs rm -rf || true
This runs with the cwd of the last logged in user. If the user creates a file "/tmp/x a", the file "a" gets removed from the last user's login.
Thanks to Ryan Lortie for discovering this!
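
The word splitting described in the report, reproduced in a throwaway sandbox next to one hardened form of the cleanup. This is an added example, not part of the original report and not taken from the lightdm fix; the sandbox layout and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sandbox: $root/tmp stands in for /tmp, $root/home for the
# previous user's working directory. Nothing outside $root is touched.
# Assumes mktemp returns a path without whitespace.
setup() {
    root=$(mktemp -d)
    mkdir -p "$root/tmp" "$root/home"
    : > "$root/tmp/x a"     # guest-owned file with a space in its name
    : > "$root/home/a"      # unrelated file in the cleanup's cwd
}

# Pattern from the report. xargs splits its input on whitespace, so the
# single path ".../tmp/x a" reaches rm as ".../tmp/x" and the relative "a".
cleanup_unsafe() {
    ( cd "$root/home" &&
      find "$root/tmp" -mindepth 1 -maxdepth 1 -uid "$(id -u)" | xargs rm -rf || true )
}

# One hardened form (an assumption, not the shipped fix): find hands each
# path to rm as a single argument, "--" ends option parsing, and the cwd is
# set explicitly instead of being inherited.
cleanup_safe() {
    ( cd / &&
      find "$root/tmp" -mindepth 1 -maxdepth 1 -uid "$(id -u)" -exec rm -rf -- {} + )
}

# Runs cleanup function $1 in a fresh sandbox and reports what happened to
# the bystander file and to the guest file.
outcome() {
    setup
    "$1"
    if [ -e "$root/home/a" ]; then b=kept; else b=deleted; fi
    if [ -e "$root/tmp/x a" ]; then g=left; else g=removed; fi
    rm -rf -- "$root"
    echo "bystander=$b guest=$g"
}

outcome cleanup_unsafe
outcome cleanup_safe
```

The unsafe variant both deletes the bystander file and fails to clean the guest's file, so the original pipeline is wrong as a cleanup as well as unsafe.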
CVE References
| Changed in lightdm: | |
|---|---|
| assignee: | nobody → Martin Pitt (pitti) |
| visibility: | private → public |

| Changed in gdm-guest-session (Ubuntu Oneiric): | |
|---|---|
| status: | Confirmed → Won't Fix |

Same bug in gdm-guest-session. This exists up to oneiric, although it won't work at all in oneiric (we forgot to remove it).