guninski at guninski
May 7, 2012, 1:40 AM
Post #4 of 5
On Sat, May 05, 2012 at 07:52:25PM -0400, Marc Deslauriers wrote:
Re: Ubuntu, Linux Mint, and the Guest Account
[In reply to]
> On Sat, 2012-05-05 at 19:42 -0400, Jeffrey Walton wrote:
> > I know there's not much new here, but I am amazed that Ubuntu, Linux
> > Mint and friends ship with a Guest account present and enabled.
> > The Guest account is surreptitiously added through a lightdm
> > configuration file, and is not part of the standard user database.
> > Because its not part of the standard user database, it can't be
> > disabled through /etc/shadow, nor disable it through familiar tools
> > such as userdel and usermod. Additionally, the damn account does not
> > show up in distribution provided tools such as User Accounts applet.
> > To make matters worse, grepping for guest returns 0 results because
> > lightdm.conf does not mention one must add the following to disable
> > the guest account (nothing is required to enable the account):
> > allow-guest=false
> > To add insult to injury, the Guest account is not sandboxed and user
> > home directories lack sufficient ACLs, so the guest account is able to
> > wander through user's home directories:
> The guest account should be confined with an AppArmor profile on Ubuntu,
> which prevents it from accessing other users' directories. Please file a
> bug if this isn't working correctly for you.
i doubt AppArmor stops all root exploits, though i don't care about
your nonsense much
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/