guest session is not confined by apparmor

Bug #975901 reported by Albert Damen on 2012-04-07
This bug affects 1 person
Affects Status Importance Assigned to Milestone
lightdm (Ubuntu)
Martin Pitt
Martin Pitt

Bug Description

When running a guest session, I noticed I could access the home directories of other users on the system.
aa-status showed the guest session process was not confined by apparmor.
25 profiles are in enforce mode

/etc/apparmor.d/lightdm-guest-session has "/usr/lib/lightdm/lightdm-guest-session-wrapper {"
However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper.

After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied.

81 processes are in enforce mode.
   /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217)

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lightdm 1.2.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14
Uname: Linux 3.2.0-22-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0-0ubuntu4
Architecture: amd64
Date: Sat Apr 7 13:45:14 2012
EcryptfsInUse: Yes
 PATH=(custom, user)
SourcePackage: lightdm
UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago)
mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00

Albert Damen (albrt) wrote :
visibility: private → public
Changed in lightdm (Ubuntu):
importance: Undecided → High
Martin Pitt (pitti) wrote :

/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper sounds like a recent packaging error. When I wrote the policy the path definitively was /usr/lib/lightdm/lightdm-guest-session-wrapper. Robert, is that new path intended? It looks a bit exaggerated.

Changed in lightdm (Ubuntu Precise):
milestone: none → ubuntu-12.04
tags: added: regression-release
Martin Pitt (pitti) on 2012-04-10
Changed in lightdm (Ubuntu Precise):
assignee: nobody → Martin Pitt (pitti)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lightdm - 1.2.0-0ubuntu2

lightdm (1.2.0-0ubuntu2) precise; urgency=low

  * Fix wrapper path in AppArmor profile. This got broken in 1.1.1. Patch also
    committed upstream, and cherry-picked (r1487) (LP: #975901)
 -- Martin Pitt <email address hidden> Tue, 10 Apr 2012 11:06:03 +0200

Changed in lightdm (Ubuntu Precise):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers