Ubuntu
sudo package

I think there is some security issue in my ubuntu .

Bug #1751129 reported by Umer farooq
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Expired
Undecided
Unassigned

Bug Description

If I log into any other user i am able to access my main user through terminal with my current user password. I am using ubuntu 16.04 and I think it might be in all ubuntu 16.04 operating systems.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: unity 7.4.5+16.04.20171201.3
Uname: Linux 4.15.1-041501-generic x86_64
.tmp.unity_support_test.0:

ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
CompizPlugins: [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,staticswitcher,workarounds,scale,expo,ezoom,dbus]
CompositorRunning: compiz
CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
CompositorUnredirectFSW: true
CurrentDesktop: Unity
Date: Fri Feb 23 01:06:34 2018
DistUpgraded: Fresh install
DistroCodename: xenial
DistroVariant: ubuntu
DkmsStatus:
 bbswitch, 0.8, 4.13.0-32-generic, x86_64: installed
 bbswitch, 0.8, 4.15.1-041501-generic, x86_64: installed
 nvidia-384, 384.111, 4.13.0-32-generic, x86_64: installed
 nvidia-384, 384.111, 4.15.1-041501-generic, x86_64: installed
 virtualbox, 5.0.40, 4.13.0-32-generic, x86_64: installed
ExecutablePath: /usr/bin/compiz
GconfCompiz:
 /apps/compiz-1/general:
   /apps/compiz-1/general/screen0:
    /apps/compiz-1/general/screen0/options:
     active_plugins = [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,staticswitcher,workarounds,scale,expo,ezoom,dbus]
GraphicsCard:
 Intel Corporation Haswell-ULT Integrated Graphics Controller [8086:0a16] (rev 0b) (prog-if 00 [VGA controller])
   Subsystem: Hewlett-Packard Company Haswell-ULT Integrated Graphics Controller [103c:198f]
InstallationDate: Installed on 2018-01-22 (31 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
MachineType: Hewlett-Packard HP EliteBook 840 G1
ProcEnviron:
 PATH=(custom, user)
 SHELL=/bin/bash
 LANG=en_IN
 LANGUAGE=en_IN:en
 XDG_RUNTIME_DIR=<set>
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.1-041501-generic root=UUID=95af4278-a5ad-4183-9691-2a68fd0e627e ro resume=UUID=a7e7e167-65b7-4b78-ad75-4400e9b38bad resume= resume= quiet splash vt.handoff=7
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/01/2015
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: L71 Ver. 01.33
dmi.board.name: 198F
dmi.board.vendor: Hewlett-Packard
dmi.board.version: KBC Version 15.57
dmi.chassis.asset.tag: CNU4219GQQ
dmi.chassis.type: 10
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-Packard:bvrL71Ver.01.33:bd09/01/2015:svnHewlett-Packard:pnHPEliteBook840G1:pvrA3009FD10303:rvnHewlett-Packard:rn198F:rvrKBCVersion15.57:cvnHewlett-Packard:ct10:cvr:
dmi.product.family: 103C_5336AN G=N L=BUS B=HP S=ELI
dmi.product.name: HP EliteBook 840 G1
dmi.product.version: A3009FD10303
dmi.sys.vendor: Hewlett-Packard
version.compiz: compiz 1:0.9.12.3+16.04.20171116-0ubuntu1
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.83-1~16.04.1
version.libgl1-mesa-dri: libgl1-mesa-dri 17.2.8-0ubuntu0~16.04.1
version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
version.libgl1-mesa-glx: libgl1-mesa-glx 17.2.8-0ubuntu0~16.04.1
version.xserver-xorg-core: xserver-xorg-core N/A
version.xserver-xorg-input-evdev: xserver-xorg-input-evdev N/A
version.xserver-xorg-video-ati: xserver-xorg-video-ati N/A
version.xserver-xorg-video-intel: xserver-xorg-video-intel N/A
version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau N/A
xserver.bootTime: Thu Feb 22 21:34:13 2018
xserver.configfile: default
xserver.errors:

xserver.logfile: /var/log/Xorg.0.log
xserver.version: 2:1.19.5-0ubuntu2~16.04.1
xserver.video_driver: modeset

Revision history for this message
Umer farooq (theumar) wrote :
Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hello Umer, can you provide some more information?

Thanks

information type: Private Security → Public Security
Changed in unity (Ubuntu):
status: New → Incomplete
Revision history for this message
Umer farooq (theumar) wrote : Re: [Bug 1751129] Re: I think there is some security issue in my ubuntu .
Download full text (4.9 KiB)

If i have user1 and user2 in ubuntu.
And i log into user2 and in terminal I type "sudo su user1"
Then type user1 sudo password.
Boom and I am in user1 terminal and access everything.
I think it shouldn't be like that.

On 23 Feb 2018 6:40 am, "Seth Arnold" <email address hidden> wrote:

> Hello Umer, can you provide some more information?
>
> Thanks
>
> ** Information type changed from Private Security to Public Security
>
> ** Changed in: unity (Ubuntu)
> Status: New => Incomplete
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1751129
>
> Title:
> I think there is some security issue in my ubuntu .
>
> Status in unity package in Ubuntu:
> Incomplete
>
> Bug description:
> If I log into any other user i am able to access my main user through
> terminal with my current user password. I am using ubuntu 16.04 and I
> think it might be in all ubuntu 16.04 operating systems.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 16.04
> Package: unity 7.4.5+16.04.20171201.3
> Uname: Linux 4.15.1-041501-generic x86_64
> .tmp.unity_support_test.0:
>
> ApportVersion: 2.20.1-0ubuntu2.15
> Architecture: amd64
> CompizPlugins: [core,composite,opengl,compiztoolbox,decor,vpswitch,
> snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,
> session,gnomecompat,animation,fade,staticswitcher,
> workarounds,scale,expo,ezoom,dbus]
> CompositorRunning: compiz
> CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
> CompositorUnredirectFSW: true
> CurrentDesktop: Unity
> Date: Fri Feb 23 01:06:34 2018
> DistUpgraded: Fresh install
> DistroCodename: xenial
> DistroVariant: ubuntu
> DkmsStatus:
> bbswitch, 0.8, 4.13.0-32-generic, x86_64: installed
> bbswitch, 0.8, 4.15.1-041501-generic, x86_64: installed
> nvidia-384, 384.111, 4.13.0-32-generic, x86_64: installed
> nvidia-384, 384.111, 4.15.1-041501-generic, x86_64: installed
> virtualbox, 5.0.40, 4.13.0-32-generic, x86_64: installed
> ExecutablePath: /usr/bin/compiz
> GconfCompiz:
> /apps/compiz-1/general:
> /apps/compiz-1/general/screen0:
> /apps/compiz-1/general/screen0/options:
> active_plugins = [core,composite,opengl,
> compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,
> move,wall,grid,regex,imgpng,session,gnomecompat,animation,
> fade,staticswitcher,workarounds,scale,expo,ezoom,dbus]
> GraphicsCard:
> Intel Corporation Haswell-ULT Integrated Graphics Controller
> [8086:0a16] (rev 0b) (prog-if 00 [VGA controller])
> Subsystem: Hewlett-Packard Company Haswell-ULT Integrated Graphics
> Controller [103c:198f]
> InstallationDate: Installed on 2018-01-22 (31 days ago)
> InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64
> (20170801)
> MachineType: Hewlett-Packard HP EliteBook 840 G1
> ProcEnviron:
> PATH=(custom, user)
> SHELL=/bin/bash
> LANG=en_IN
> LANGUAGE=en_IN:en
> XDG_RUNTIME_DIR=<set>
> ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.1-041501-generic
> root=UUID=95af4278-a5ad-4183-9691-2a68fd0e627e ro
> resume=UUID=a7e7e167-65b7-4b78-ad75-4400e9b38bad resume= resume=...

Read more...

Revision history for this message
Umer farooq (theumar) wrote :
Download full text (5.1 KiB)

??

On Fri, 23 Feb 2018, 1:13 pm Umar Farooq, <email address hidden> wrote:

> If i have user1 and user2 in ubuntu.
> And i log into user2 and in terminal I type "sudo su user1"
> Then type user1 sudo password.
> Boom and I am in user1 terminal and access everything.
> I think it shouldn't be like that.
>
>
> On 23 Feb 2018 6:40 am, "Seth Arnold" <email address hidden> wrote:
>
>> Hello Umer, can you provide some more information?
>>
>> Thanks
>>
>> ** Information type changed from Private Security to Public Security
>>
>> ** Changed in: unity (Ubuntu)
>> Status: New => Incomplete
>>
>> --
>> You received this bug notification because you are subscribed to the bug
>> report.
>> https://bugs.launchpad.net/bugs/1751129
>>
>> Title:
>> I think there is some security issue in my ubuntu .
>>
>> Status in unity package in Ubuntu:
>> Incomplete
>>
>> Bug description:
>> If I log into any other user i am able to access my main user through
>> terminal with my current user password. I am using ubuntu 16.04 and I
>> think it might be in all ubuntu 16.04 operating systems.
>>
>> ProblemType: Bug
>> DistroRelease: Ubuntu 16.04
>> Package: unity 7.4.5+16.04.20171201.3
>> Uname: Linux 4.15.1-041501-generic x86_64
>> .tmp.unity_support_test.0:
>>
>> ApportVersion: 2.20.1-0ubuntu2.15
>> Architecture: amd64
>> CompizPlugins:
>> [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,staticswitcher,workarounds,scale,expo,ezoom,dbus]
>> CompositorRunning: compiz
>> CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
>> CompositorUnredirectFSW: true
>> CurrentDesktop: Unity
>> Date: Fri Feb 23 01:06:34 2018
>> DistUpgraded: Fresh install
>> DistroCodename: xenial
>> DistroVariant: ubuntu
>> DkmsStatus:
>> bbswitch, 0.8, 4.13.0-32-generic, x86_64: installed
>> bbswitch, 0.8, 4.15.1-041501-generic, x86_64: installed
>> nvidia-384, 384.111, 4.13.0-32-generic, x86_64: installed
>> nvidia-384, 384.111, 4.15.1-041501-generic, x86_64: installed
>> virtualbox, 5.0.40, 4.13.0-32-generic, x86_64: installed
>> ExecutablePath: /usr/bin/compiz
>> GconfCompiz:
>> /apps/compiz-1/general:
>> /apps/compiz-1/general/screen0:
>> /apps/compiz-1/general/screen0/options:
>> active_plugins =
>> [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,staticswitcher,workarounds,scale,expo,ezoom,dbus]
>> GraphicsCard:
>> Intel Corporation Haswell-ULT Integrated Graphics Controller
>> [8086:0a16] (rev 0b) (prog-if 00 [VGA controller])
>> Subsystem: Hewlett-Packard Company Haswell-ULT Integrated Graphics
>> Controller [103c:198f]
>> InstallationDate: Installed on 2018-01-22 (31 days ago)
>> InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64
>> (20170801)
>> MachineType: Hewlett-Packard HP EliteBook 840 G1
>> ProcEnviron:
>> PATH=(custom, user)
>> SHELL=/bin/bash
>> LANG=en_IN
>> LANGUAGE=en_IN:en
>> XDG_RUNTIME_DIR=<set>
>> ProcKernelCmdLine: BOOT_IMAGE=/boot...

Read more...

Revision history for this message
Seth Arnold (seth-arnold) wrote :

Hello Umer, I believe this is working as intended.

By default Ubuntu users in the admin or sudo group have full privileges on the system via sudo.

If you can reproduce this without being in either of these groups, please re-open, attach your sudoers(5) file, and a terminal transcript showing id(1) output and the problem.

Thanks

affects: unity (Ubuntu) → sudo (Ubuntu)
Revision history for this message
Umer farooq (theumar) wrote :
Download full text (5.0 KiB)

You are not understanding the problem this way .....
Can u call on my number +918715091128

On Tue, 6 Mar 2018, 4:01 pm Seth Arnold, <email address hidden> wrote:

> Hello Umer, I believe this is working as intended.
>
> By default Ubuntu users in the admin or sudo group have full privileges
> on the system via sudo.
>
> If you can reproduce this without being in either of these groups,
> please re-open, attach your sudoers(5) file, and a terminal transcript
> showing id(1) output and the problem.
>
> Thanks
>
> ** Package changed: unity (Ubuntu) => sudo (Ubuntu)
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1751129
>
> Title:
> I think there is some security issue in my ubuntu .
>
> Status in sudo package in Ubuntu:
> Incomplete
>
> Bug description:
> If I log into any other user i am able to access my main user through
> terminal with my current user password. I am using ubuntu 16.04 and I
> think it might be in all ubuntu 16.04 operating systems.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 16.04
> Package: unity 7.4.5+16.04.20171201.3
> Uname: Linux 4.15.1-041501-generic x86_64
> .tmp.unity_support_test.0:
>
> ApportVersion: 2.20.1-0ubuntu2.15
> Architecture: amd64
> CompizPlugins:
> [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,staticswitcher,workarounds,scale,expo,ezoom,dbus]
> CompositorRunning: compiz
> CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
> CompositorUnredirectFSW: true
> CurrentDesktop: Unity
> Date: Fri Feb 23 01:06:34 2018
> DistUpgraded: Fresh install
> DistroCodename: xenial
> DistroVariant: ubuntu
> DkmsStatus:
> bbswitch, 0.8, 4.13.0-32-generic, x86_64: installed
> bbswitch, 0.8, 4.15.1-041501-generic, x86_64: installed
> nvidia-384, 384.111, 4.13.0-32-generic, x86_64: installed
> nvidia-384, 384.111, 4.15.1-041501-generic, x86_64: installed
> virtualbox, 5.0.40, 4.13.0-32-generic, x86_64: installed
> ExecutablePath: /usr/bin/compiz
> GconfCompiz:
> /apps/compiz-1/general:
> /apps/compiz-1/general/screen0:
> /apps/compiz-1/general/screen0/options:
> active_plugins =
> [core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,staticswitcher,workarounds,scale,expo,ezoom,dbus]
> GraphicsCard:
> Intel Corporation Haswell-ULT Integrated Graphics Controller
> [8086:0a16] (rev 0b) (prog-if 00 [VGA controller])
> Subsystem: Hewlett-Packard Company Haswell-ULT Integrated Graphics
> Controller [103c:198f]
> InstallationDate: Installed on 2018-01-22 (31 days ago)
> InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64
> (20170801)
> MachineType: Hewlett-Packard HP EliteBook 840 G1
> ProcEnviron:
> PATH=(custom, user)
> SHELL=/bin/bash
> LANG=en_IN
> LANGUAGE=en_IN:en
> XDG_RUNTIME_DIR=<set>
> ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.1-041501-generic
> root=UUID=95af4278-a5ad-4183-9691-2a68fd0e627e ro
> res...

Read more...

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for sudo (Ubuntu) because there has been no activity for 60 days.]

Changed in sudo (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.