date tool on login screen has "add event" which envokes evolution as the lightdm user

Bug #836162 reported by Andy Whitcroft on 2011-08-28
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lightdm (Ubuntu)
Medium
Unassigned
Oneiric
Medium
Unassigned

Bug Description

From the lightdm login screen the datetime indicator has the "add event" entry which envokes evolution as the lightdm user. Bad!

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: lightdm 0.9.3-0ubuntu8
ProcVersionSignature: Ubuntu 3.0.0-10.15~drmverbosity201108251748-generic 3.0.3
Uname: Linux 3.0.0-10-generic x86_64
Architecture: amd64
Date: Sun Aug 28 18:08:36 2011
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
ProcEnviron:
 LANGUAGE=en_GB:en
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: lightdm
UpgradeStatus: Upgraded to oneiric on 2011-06-09 (80 days ago)
mtime.conffile..etc.lightdm.lightdm.conf: 2011-08-28T15:58:56.143268

Andy Whitcroft (apw) wrote :
visibility: private → public
Changed in lightdm (Ubuntu):
importance: Undecided → Medium
milestone: none → ubuntu-11.10-beta-2
status: New → Triaged
Andrew Glen-Young (aglenyoung) wrote :

It should also be noted that by attempting to add the event, the Evolution setup wizard runs. By using the "Restore from backup" mechanism of the wizard, any user can browse the filesystem as the lightdm user!

Robert Roth (evfool) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug #836521, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Feel free to continue to report any other bugs you may find.
---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers