Ubuntu
nautilus package

Force quitting Nautilus may give root access

Bug #1549901 reported by Tobias Voit on 2016-02-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	nautilus (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

Ubuntu version: 16.04 Xenial Xerus
Nautilus version: 1:3.18.4.is.3.14.3-0ubuntu2
Gnome Shell version: 3.18.3-3ubuntu1

Hi guys,

I’ve been using Ubuntu for quite some time now, but I’m still an absolute noob, so please excuse my lack of technical knowledge. I’ve encountered a bug on Ubuntu 16.04 Xenial Xerus that seems quite grave to me:

I use Ubuntu 16.04 alpha with Gnome Shell installed from the standard repos, with Nautilus managing my desktop.
Sometimes Nautilus uses too much RAM or becomes unresponsive. In this case I use either the GUI "force quit" button or the killall nautilus command in order to restart it. This worked fine in previous versions of Ubuntu.

When I do this in Xenial, the /root/Desktop folder appears on my home screen (discernible by a different wallpaper). From there, I can open Nautilus as root (by creating a new folder) or even a root terminal without entering a root/sudo password.

Regards
Tobias Voit

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2016-02-25:

Hi Tobias, can you describe how to configure something similar from a
'blank' xenial VM instance?

I had trouble recreating your environment. I installed gnome-shell,
selected 'gnome' from the lightdm chooser after a reboot, started a
terminal via the root window menu, and there was no 'nautilus' process
running yet. Starting one started a full-screen file manager window. I
backgrounded then killed that process but didn't notice any real changes.

Thanks

Changed in nautilus (Ubuntu):
status:	New → Incomplete

Revision history for this message

Tobias Voit (antaragtc) wrote on 2016-02-28:

Screenshot from VirtualBox Edit (230.3 KiB, image/png)

I’ve been trying to reproduce this behavior on a VirtualBox VM. In doing this, I found out it was at least to some extent a user error on my part: the bug only occurs when I have an active root Nautilus process still lingering in the system.

1. Install Gnome Shell from the default repos: $ sudo apt-get install gnome-shell

2. Install gksu (pkexec works as well, but seems to a PolicyKit file): $ sudo apt-get install gksu

3. Open a root Nautilus window (ignore the error message): $ gksu nautilus

4. Close the root Nautilus window again using the „x“ button or right click → close

The root Nautilus process will still be there, you can see it in the System Monitor (if you look for it, that is). This did not happen in earlier releases – tested in Saucy.

5. Force quit the regular Nautilus process (not as root): $ killall nautilus.

Obviously, step 5 does not kill the root Nautilus process, only the user’s.

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2016-02-29:

Thanks Tobias; after executing gksu nautilus, it's possible to get a root shell in the terminal via the root menu -> Open Terminal menu entry too -- I haven't yet figured out the exact sequence to execute to reproduce but I've seen it three times so far.

Of course, executing X11 clients via sudo / su / gksu is dangerous in the first place and perhaps GNOME was written with the expectation that no one would ever do this. I'm not sure if it qualifies as a security vulnerability or as something that's too dangerous to ever be done safely.

Thanks

Changed in nautilus (Ubuntu):
status:	Incomplete → Confirmed

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2016-02-29:

Tobias, thanks for the report; after discussion we've decided to not handle this as a security vulnerability. Mixing root and not-root applications in one X11 session is a bad idea and this is further demonstration of the known issues.

It might still be worth reporting upstream -- the Nautilus developers may wish to have the program close when the last window is closed, or perhaps print a warning if they can determine that it is being run via sudo / su / gksu etc.

Thanks

information type:

Private Security → Public