Any user can manage bluetooth devices
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bluez (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: bluez-gnome
This is on Ubuntu 8.10. Using the new Guest session I can manage bluetooth devices, e.g. delete them, and the change impacts other users on the system.
Steps to replicate:
1. Log in as guest.
2. Go to System -> Preferences -> Bluetooth
3. Pair with a new device or delete an existing device.
4. Log out and log in with a regular user. The device list is changed!
Expected behaviour:
1. The Guest user should not be able to delete bluetooth devices added by other users!
2. Potentially, bluetooth devices added by the Guest user should not be added for other users as well and/or retained after the Guest user has logged out.
Possible solution:
Create a system-wide bluetooth device/settings list and per-user bluetooth device/settings lists. This way system-critical bluetooth devices can be available to all users (e.g. mouse and keyboard), but can only be added/deleted by root (and any device could be marked as such directly from the bluetooth panel by giving the sudo password), and each user has their own bluetooth devices which they can add/delete at will. This way any bluetooth devices added by Guest would be erased after they log out and would not show up for other users at all.
This "per user" behavour would be expected from an application which can be run by any user without giving the sudo/root password.
Maybe I should report this directly to the maintainers of bluez-gnome as well?
summary: |
- [Intrepid] Guest user can manage bluetooth devices + Guest user can manage bluetooth devices |
summary: |
- Guest user can manage bluetooth devices + Any user can manage bluetooth devices |
tags: | added: intrepid |
tags: | added: bluez-classic |
I can confirm this, but I don't know if it's a bluez bug or whether it can be fixed in gdm-guest-session.
Martin - what do you think?