Other User ID's and Names visible on the Server
Bug #793084 reported by
Bernd Dietzel
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| WebLive |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
prove :
on the ubuntu software center test a terminal appication and connect to the weblive server.
in the terminal type in :
gnome-panel
now you have the complete ubuntu desktop
navigate to users and groups and find the other users id's with their Names
or navigate with nautilus to the /home directory.
should be not visible in my opinion.
please fix it :-)
Video from me to show how to get the complete Desktop (german language)
http://
Revision history for this message
| Stéphane Graber (stgraber) wrote | #1 |
| Changed in weblive: | |
| status: | New → Won't Fix |
| security vulnerability: | yes → no |
| visibility: | private → public |
Revision history for this message
| Bernd Dietzel (1-launchpad-net-theregrunner-com) wrote | #2 |
To post a comment you must log in.
Hi,
The fact that you can start a full desktop isn't a bug, it's a feature of WebLive.
You can easily access the feature at: http://
Indeed the server is shared with many concurrent users, in some cases the users are moved to containers but it's not done systematically yet as there still are a few bugs and it's using quite a bit of disk space to do so.
I did a quick check and you can't read another user's files in their home directory though in some cases sessions fail to cleanup properly, leaving extra entries in /home (cleaned up daily). In such case, if you get the same uid as a previous deleted user, you'll be able to access their home directory.
In the future, WebLive might switch to a model where it uses containers for all sessions, then it'll be quite easy to avoid users from seeing each other at all, but it's not a very high priority task yet.
Thanks for the bug report!