Other User ID's and Names visible on the Server
Bug #793084 reported by
Bernd Dietzel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
WebLive |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
prove :
on the ubuntu software center test a terminal appication and connect to the weblive server.
in the terminal type in :
gnome-panel
now you have the complete ubuntu desktop
navigate to users and groups and find the other users id's with their Names
or navigate with nautilus to the /home directory.
should be not visible in my opinion.
please fix it :-)
Video from me to show how to get the complete Desktop (german language)
http://
security vulnerability: | yes → no |
visibility: | private → public |
To post a comment you must log in.
Hi,
The fact that you can start a full desktop isn't a bug, it's a feature of WebLive. www.edubuntu. org/weblive
You can easily access the feature at: http://
Indeed the server is shared with many concurrent users, in some cases the users are moved to containers but it's not done systematically yet as there still are a few bugs and it's using quite a bit of disk space to do so.
I did a quick check and you can't read another user's files in their home directory though in some cases sessions fail to cleanup properly, leaving extra entries in /home (cleaned up daily). In such case, if you get the same uid as a previous deleted user, you'll be able to access their home directory.
In the future, WebLive might switch to a model where it uses containers for all sessions, then it'll be quite easy to avoid users from seeing each other at all, but it's not a very high priority task yet.
Thanks for the bug report!