Other User IDs and Names visible on the Server

Bug #793084 reported by Bernd Dietzel on 2011-06-05
This bug affects 1 person
Affects: WebLive
Importance: Undecided
Assigned to: Unassigned

Bug Description

Proof:
In the Ubuntu Software Center, test a terminal application and connect to the WebLive server.

In the terminal, type:

gnome-panel

Now you have the complete Ubuntu desktop.

Navigate to Users and Groups and find the other users' IDs with their names,

or navigate with Nautilus to the /home directory.

This should not be visible, in my opinion.

Please fix it :-)

Video from me to show how to get the complete desktop (German language):
http://www.youtube.com/watch?v=YH88E9kMXgo

Stéphane Graber (stgraber) wrote :

Hi,

The fact that you can start a full desktop isn't a bug, it's a feature of WebLive.
You can easily access the feature at: http://www.edubuntu.org/weblive

Indeed, the server is shared with many concurrent users. In some cases the users are moved to containers, but it's not done systematically yet, as there still are a few bugs and it's using quite a bit of disk space to do so.

I did a quick check and you can't read another user's files in their home directory, though in some cases sessions fail to clean up properly, leaving extra entries in /home (cleaned up daily). In such a case, if you get the same uid as a previous deleted user, you'll be able to access their home directory.

In the future, WebLive might switch to a model where it uses containers for all sessions; then it'll be quite easy to prevent users from seeing each other at all, but it's not a very high priority task yet.

Thanks for the bug report!

Changed in weblive:
status: New → Won't Fix
security vulnerability: yes → no
visibility: private → public
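
The stale /home entries and uid reuse described in the comment above can be audited from the admin side. The following is an added example, not part of the original report or of WebLive's code; the function name `audit_homes`, the finding labels and the sample accounts are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_homes(home_root, accounts):
    """Return {dirname: [findings]} for directories under home_root.

    accounts maps login name -> uid; on a live host build it from
    pwd.getpwall(). Finding labels are hypothetical names for this example.
    """
    uid_to_name = {uid: name for name, uid in accounts.items()}
    report = {}
    for entry in sorted(os.scandir(home_root), key=lambda e: e.name):
        if not entry.is_dir(follow_symlinks=False):
            continue
        st = entry.stat(follow_symlinks=False)
        findings = []
        if entry.name not in accounts:
            # Session cleanup failed: directory outlived its account.
            findings.append("orphaned")
            owner = uid_to_name.get(st.st_uid)
            if owner is not None:
                # The old uid was handed to a live account, which now owns it.
                findings.append(f"uid-reused-by:{owner}")
        elif accounts[entry.name] != st.st_uid:
            findings.append("owner-mismatch")
        if stat.S_IMODE(st.st_mode) & 0o077:
            findings.append("group-or-world-accessible")
        if findings:
            report[entry.name] = findings
    return report


def demo():
    # Constructed sample: every directory is owned by the current uid, so
    # "ghost" looks like a leftover home whose uid was reassigned to alice.
    me = os.getuid()
    accounts = {"alice": me, "bob": me + 1}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("alice", 0o700), ("bob", 0o700), ("ghost", 0o755)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)
        return audit_homes(root, accounts)


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```
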
Bernd Dietzel (1-launchpad-net-theregrunner-com) wrote :

Many thanks for checking it.
I was afraid that someone patches the WebLive Python script to get the other users' IDs to access their web browser passwords or something.

Greetings from Germany and keep up the good work ;-)
Bernd
