Mailing List Archive: Full Disclosure: Full-Disclosure

Ubuntu, Linux Mint, and the Guest Account


noloader at gmail
May 5, 2012, 4:42 PM
Post #1 of 5
Ubuntu, Linux Mint, and the Guest Account

I know there's not much new here, but I am amazed that Ubuntu, Linux
Mint and friends ship with a Guest account present and enabled.

The Guest account is surreptitiously added through a lightdm
configuration file, and is not part of the standard user database.
Because it's not part of the standard user database, it can't be
disabled through /etc/shadow, nor through familiar tools
such as userdel and usermod. Additionally, the damn account does not
show up in distribution provided tools such as User Accounts applet.

To make matters worse, grepping for guest returns 0 results because
lightdm.conf does not mention one must add the following to disable
the guest account (nothing is required to enable the account):

allow-guest=false

To add insult to injury, the Guest account is not sandboxed and user
home directories lack sufficient ACLs, so the guest account is able to
wander through users' home directories:

guest-dojMxl@vb-mint-12-x6 ~ $ pwd
/tmp/guest-dojMxl
guest-dojMxl@vb-mint-12-x6 ~ $ whoami
guest-dojMxl
guest-dojMxl@vb-mint-12-x6 /home/jwalton $ cd /home/
guest-dojMxl@vb-mint-12-x6 /home $ ls -al
total 12
drwxr-xr-x 3 root root 4096 2012-05-05 16:29 .
drwxr-xr-x 23 root root 4096 2012-05-05 16:32 ..
drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 jwalton
guest-dojMxl@vb-mint-12-x6 ~ $ cd /home/jwalton/
guest-dojMxl@vb-mint-12-x6 /home/jwalton $ ls -al
total 28
drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 .
drwxr-xr-x 3 root root 4096 2012-05-05 16:29 ..
-rw-r--r-- 1 jwalton jwalton 220 2012-05-05 16:29 .bash_logout
drwx------ 3 jwalton jwalton 4096 2012-05-05 16:35 .cache
drwxr-xr-x 3 jwalton jwalton 4096 2012-05-05 16:29 .config
drwxr-xr-x 4 jwalton jwalton 4096 2012-05-05 16:29 .mozilla
-rw-r--r-- 1 jwalton jwalton 675 2012-05-05 16:29 .profile
...

Is there any reason a KIOSK-like account is enabled by default? Do
KIOSKs really dominate the desktop market to warrant the account out
of the box?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
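
The allow-guest=false line above is the only switch, and the stock lightdm.conf does not mention it. The POSIX shell script below is an added example, not code from this thread or from LightDM: it reports whether the guest session is enabled for a given LightDM configuration directory and, on request, writes allow-guest=false into lightdm.conf. It assumes LightDM's documented precedence (drop-in files in lightdm.conf.d/*.conf are read first, lightdm.conf last, and later settings override earlier ones), GKeyFile booleans (true/false, 1/0, whitespace around "=" ignored), the [SeatDefaults] section name of that era (later releases renamed it [Seat:*]), and that the guest session is on whenever the key is absent. The configuration directory is a parameter so the script can be exercised against a scratch tree.

```sh
#!/bin/sh
# Added example: audit and disable LightDM's guest session from its config
# files. Not code from the thread or from LightDM. Assumptions: LightDM reads
# <confdir>/lightdm.conf.d/*.conf first and <confdir>/lightdm.conf last, later
# settings override earlier ones, the key lives in [SeatDefaults] (renamed
# [Seat:*] in later releases), and the guest session is on when the key is absent.

# Print "enabled" or "disabled" for the guest session configured under $1.
lightdm_guest_state() {
    confdir=$1
    state=enabled                      # LightDM's default: no key means guest on
    for f in "$confdir"/lightdm.conf.d/*.conf "$confdir"/lightdm.conf; do
        [ -f "$f" ] || continue        # unmatched glob or missing main file
        # Value of the last allow-guest line in this file, comments stripped.
        v=$(sed -n 's/^[[:space:]]*allow-guest[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$f" | tail -n 1)
        case "$v" in
            false|0) state=disabled ;;
            true|1)  state=enabled ;;
        esac
    done
    echo "$state"
}

# Put allow-guest=false into $1/lightdm.conf: drop any existing allow-guest
# line, then add the key directly under the first seat-defaults header, or
# append a new [SeatDefaults] section when the file has none (or is missing).
disable_lightdm_guest() {
    f=$1/lightdm.conf
    tmp=$(mktemp)
    if [ -f "$f" ] && grep -Eq '^\[(SeatDefaults|Seat:\*)]' "$f"; then
        awk '/^[[:space:]]*allow-guest[[:space:]]*=/ { next }
             { print }
             /^\[(SeatDefaults|Seat:\*)]/ && !done { print "allow-guest=false"; done = 1 }' "$f" > "$tmp"
    else
        { [ -f "$f" ] && sed '/^[[:space:]]*allow-guest[[:space:]]*=/d' "$f"
          printf '\n[SeatDefaults]\nallow-guest=false\n'; } > "$tmp"
    fi
    cat "$tmp" > "$f"                  # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# Stand-alone use: guest-audit.sh <lightdm-conf-dir> [fix]
if [ $# -ge 1 ]; then
    echo "guest session: $(lightdm_guest_state "$1")"
    if [ "${2:-}" = fix ]; then
        disable_lightdm_guest "$1"
        echo "after fix:     $(lightdm_guest_state "$1")"
    fi
fi
```

Run it as "sh guest-audit.sh /etc/lightdm" to report and "sudo sh guest-audit.sh /etc/lightdm fix" to write the setting; LightDM has to be restarted (or the machine rebooted) before the greeter stops offering the guest session. The "enabled" default it prints for a directory with no configuration at all is LightDM's behaviour, which is the poster's complaint: nothing has to be written to turn the account on.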


marcdeslauriers at videotron
May 5, 2012, 4:51 PM
Post #2 of 5
Re: Ubuntu, Linux Mint, and the Guest Account

On Sat, 2012-05-05 at 19:42 -0400, Jeffrey Walton wrote:
> I know there's not much new here, but I am amazed that Ubuntu, Linux
> Mint and friends ship with a Guest account present and enabled.
>
> The Guest account is surreptitiously added through a lightdm
> configuration file, and is not part of the standard user database.
> Because it's not part of the standard user database, it can't be
> disabled through /etc/shadow, nor through familiar tools
> such as userdel and usermod. Additionally, the damn account does not
> show up in distribution provided tools such as User Accounts applet.
>
> To make matters worse, grepping for guest returns 0 results because
> lightdm.conf does not mention one must add the following to disable
> the guest account (nothing is required to enable the account):
>
> allow-guest=false
>
> To add insult to injury, the Guest account is not sandboxed and user
> home directories lack sufficient ACLs, so the guest account is able to
> wander through users' home directories:

The guest account should be confined with an AppArmor profile on Ubuntu,
which prevents it from accessing other users' directories. Please file a
bug if this isn't working correctly for you.

Marc.




marc.deslauriers at canonical
May 5, 2012, 4:52 PM
Post #3 of 5
Re: Ubuntu, Linux Mint, and the Guest Account

On Sat, 2012-05-05 at 19:42 -0400, Jeffrey Walton wrote:
> I know there's not much new here, but I am amazed that Ubuntu, Linux
> Mint and friends ship with a Guest account present and enabled.
>
> The Guest account is surreptitiously added through a lightdm
> configuration file, and is not part of the standard user database.
> Because it's not part of the standard user database, it can't be
> disabled through /etc/shadow, nor through familiar tools
> such as userdel and usermod. Additionally, the damn account does not
> show up in distribution provided tools such as User Accounts applet.
>
> To make matters worse, grepping for guest returns 0 results because
> lightdm.conf does not mention one must add the following to disable
> the guest account (nothing is required to enable the account):
>
> allow-guest=false
>
> To add insult to injury, the Guest account is not sandboxed and user
> home directories lack sufficient ACLs, so the guest account is able to
> wander through users' home directories:

The guest account should be confined with an AppArmor profile on Ubuntu,
which prevents it from accessing other users' directories. Please file a
bug if this isn't working correctly for you.

Marc.





guninski at guninski
May 7, 2012, 1:40 AM
Post #4 of 5
Re: Ubuntu, Linux Mint, and the Guest Account

On Sat, May 05, 2012 at 07:52:25PM -0400, Marc Deslauriers wrote:
> On Sat, 2012-05-05 at 19:42 -0400, Jeffrey Walton wrote:
> > I know there's not much new here, but I am amazed that Ubuntu, Linux
> > Mint and friends ship with a Guest account present and enabled.
> >
> > The Guest account is surreptitiously added through a lightdm
> > configuration file, and is not part of the standard user database.
> > Because it's not part of the standard user database, it can't be
> > disabled through /etc/shadow, nor through familiar tools
> > such as userdel and usermod. Additionally, the damn account does not
> > show up in distribution provided tools such as User Accounts applet.
> >
> > To make matters worse, grepping for guest returns 0 results because
> > lightdm.conf does not mention one must add the following to disable
> > the guest account (nothing is required to enable the account):
> >
> > allow-guest=false
> >
> > To add insult to injury, the Guest account is not sandboxed and user
> > home directories lack sufficient ACLs, so the guest account is able to
> > wander through users' home directories:
>
> The guest account should be confined with an AppArmor profile on Ubuntu,
> which prevents it from accessing other users' directories. Please file a
> bug if this isn't working correctly for you.
>
> Marc.
>


I doubt AppArmor stops all root exploits, though I don't care about
your nonsense much.

--
Georgi



noloader at gmail
Jan 26, 2013, 11:44 AM
Post #5 of 5
Re: Ubuntu, Linux Mint, and the Guest Account

It appears the Guest account is still allowed to wander around a
'stock' install of Ubuntu. Below are some examples of information
leakage due to the account.

Surely I'm not the only person who thinks it's a bad idea to allow
LightDM (a desktop manager) to be a user manager or security manager.

And I can't be the only fellow who thinks it's a bad idea that the
account is created in a non-standard way. For example, the account is
not in the standard /etc/passwd or /etc/shadow database, and it cannot
be disabled or removed with `usermod` or `userdel`.

Finally, I can't be the only person who thinks adding the account
surreptitiously is a bad idea. For example, grepping for 'Guest' returns 0
hits because the lightdm config file lacks a comment on the guest
account (and it's enabled by default).

Below is from a fresh Ubuntu Server install:
guest-XuxS7j@utilit:/$ uname -a
Linux utility.home.pvt 3.2.0-36-generic-pae #57-Ubuntu SMP Tue Jan 8
22:01:06 UTC 2013 i686 i686 i386 GNU/Linux
guest-XuxS7j@utilit:/$ whoami
guest-XuxS7j

Information leak follows:
guest-XuxS7j@utilit:/$ cd /home/jeffrey
guest-XuxS7j@utilit:/home/jeffrey$ pwd
/home/jeffrey
guest-XuxS7j@utilit:/home/jeffrey$ cd Documents
guest-XuxS7j@utilit:/home/jeffrey/Documents$

Information leak follows:
guest-XuxS7j@utilit:/home/jeffrey/Documents$ cat foo-bar.txt
cat: foo-bar.txt: No such file or directory
guest-XuxS7j@utilit:/home/jeffrey/Documents$ cat Financial-Results-2012.txt
cat: Financial-Results-2012.txt: Permission denied

Root looks clamped:
guest-XuxS7j@utilit:/home/jeffrey/Documents$ cd /root/
bash: cd: /root/: Permission denied

Perhaps Ubuntu should offer an option to *not* enable the Guest
account at install? Perhaps Ubuntu should encrypt all home directories
by default since the Guest account is allowed to wander the file
system?

And fix the path hack
(https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/868363).
There's no reason this program should be on path. Was this program
acceptance tested? The alternative - removing lightdm - creates an
installation that won't boot properly.

On Sat, May 5, 2012 at 7:42 PM, Jeffrey Walton <noloader [at] gmail> wrote:
> I know there's not much new here, but I am amazed that Ubuntu, Linux
> Mint and friends ship with a Guest account present and enabled.
>
> The Guest account is surreptitiously added through a lightdm
> configuration file, and is not part of the standard user database.
> Because it's not part of the standard user database, it can't be
> disabled through /etc/shadow, nor through familiar tools
> such as userdel and usermod. Additionally, the damn account does not
> show up in distribution provided tools such as User Accounts applet.
>
> To make matters worse, grepping for guest returns 0 results because
> lightdm.conf does not mention one must add the following to disable
> the guest account (nothing is required to enable the account):
>
> allow-guest=false
>
> To add insult to injury, the Guest account is not sandboxed and user
> home directories lack sufficient ACLs, so the guest account is able to
> wander through users' home directories:
>
> guest-dojMxl@vb-mint-12-x6 ~ $ pwd
> /tmp/guest-dojMxl
> guest-dojMxl@vb-mint-12-x6 ~ $ whoami
> guest-dojMxl
> guest-dojMxl@vb-mint-12-x6 /home/jwalton $ cd /home/
> guest-dojMxl@vb-mint-12-x6 /home $ ls -al
> total 12
> drwxr-xr-x 3 root root 4096 2012-05-05 16:29 .
> drwxr-xr-x 23 root root 4096 2012-05-05 16:32 ..
> drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 jwalton
> guest-dojMxl@vb-mint-12-x6 ~ $ cd /home/jwalton/
> guest-dojMxl@vb-mint-12-x6 /home/jwalton $ ls -al
> total 28
> drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 .
> drwxr-xr-x 3 root root 4096 2012-05-05 16:29 ..
> -rw-r--r-- 1 jwalton jwalton 220 2012-05-05 16:29 .bash_logout
> drwx------ 3 jwalton jwalton 4096 2012-05-05 16:35 .cache
> drwxr-xr-x 3 jwalton jwalton 4096 2012-05-05 16:29 .config
> drwxr-xr-x 4 jwalton jwalton 4096 2012-05-05 16:29 .mozilla
> -rw-r--r-- 1 jwalton jwalton 675 2012-05-05 16:29 .profile
> ...
>
> Is there any reason a KIOSK-like account is enabled by default? Do
> KIOSKs really dominate the desktop market to warrant the account out
> of the box?

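
What both transcripts in this thread show is plain Unix mode bits rather than anything specific to the guest session: /home/jwalton is 755, so any local account can enter and list it, and whether a particular file then leaks depends only on that file's own mode (the "Permission denied" on Financial-Results-2012.txt means that file is not world-readable, while a 644 file such as .profile would be read without complaint). The POSIX shell script below is an added example, not code from the thread: given a parent directory it prints the directories an unrelated user can enter and the files such a user can read, requiring every directory on the path to be searchable the way the kernel's path walk does, and it offers a one-line tightening of a home directory. The tree it runs on is whatever the caller passes; nothing about the poster's machines is assumed.

```sh
#!/bin/sh
# Added example (not from the thread): what an unrelated local account, a
# LightDM guest session included when nothing confines it, can reach under a
# home tree. Uses only the "other" permission bits: o+x on every directory on
# the way is needed to enter, o+r on a file to read it. The caller's own
# identity is ignored, so run it as the home's owner or root for a full picture.

# Directories an unrelated user can enter under $1 (root included), one per
# line. A directory without o+x is pruned together with everything below it,
# which is exactly what the kernel does during a path lookup.
enterable_dirs() {
    find "$1" -type d ! -perm -o=x -prune -o -type d -print | sort
}

# Regular files an unrelated user can read under $1: every ancestor enterable
# and the file itself o+r. Knowing the name suffices; o+r on the directory is
# only needed to list it, not to open a file inside it.
readable_files() {
    find "$1" -type d ! -perm -o=x -prune -o -type f -perm -o=r -print | sort
}

# Close a home directory to everyone but its owner and group. Files inside
# keep their modes; they simply become unreachable through the directory.
harden_home() {
    chmod o-rwx "$1"
}

# Stand-alone use: home-exposure.sh /home [fix]
if [ $# -ge 1 ]; then
    echo "== directories others can enter under $1"; enterable_dirs "$1"
    echo "== files others can read under $1";        readable_files "$1"
    if [ "${2:-}" = fix ]; then
        for d in "$1"/*/; do [ -d "$d" ] && harden_home "${d%/}"; done
    fi
fi
```

Ubuntu of that era created home directories with DIR_MODE=0755 from /etc/adduser.conf; setting DIR_MODE=0750 there closes new homes, and "sudo sh home-exposure.sh /home fix" closes existing ones (Ubuntu itself moved new installs to 0750 homes in 21.04). The AppArmor profile Marc refers to is a separate, independent layer: on Ubuntu it ships as /etc/apparmor.d/lightdm-guest-session, and "sudo aa-status" shows whether it is loaded and in enforce mode. Neither layer helps against a local root exploit, which is Georgi's point.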
