on-screen keyboard allows access to user files without login
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| gdm (Ubuntu) |
Invalid
|
High
|
Unassigned | ||
| Karmic |
Invalid
|
High
|
Unassigned | ||
| onboard (Ubuntu) |
Fix Released
|
High
|
Kees Cook | ||
| Karmic |
Fix Released
|
High
|
Kees Cook | ||
Bug Description
Binary package hint: gdm
When you select the on-screen keyboard option in GDM, then click settings and select open layout folder, you are presented with a nautilus window, which - among other things - allows you to view user files (as ubuntu user directories are set to 755 by default). You can even run applications such as Firefox from the login screen! {Btw. these world-readable user directories are as such really disgusting... no modern OS should default to that... :)}
ProblemType: Bug
Architecture: i386
Date: Fri Oct 2 05:25:31 2009
DistroRelease: Ubuntu 9.10
LiveMediaBuild: Ubuntu 9.10 "Karmic Koala" - Beta i386 (20090929.2)
Package: gdm 2.28.0-0ubuntu8
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: gdm
Uname: Linux 2.6.31-11-generic i686
| michal.gregor (michal.gregor) wrote | #1 |
| Kees Cook (kees) wrote | #2 |
| Changed in gdm (Ubuntu): | |
| importance: | Undecided → High |
| status: | New → Triaged |
| milestone: | none → ubuntu-9.10 |
| Changed in onboard (Ubuntu Karmic): | |
| importance: | Undecided → High |
| milestone: | none → ubuntu-9.10 |
| status: | New → Triaged |
| Kees Cook (kees) wrote | #3 |
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in onboard (Ubuntu Karmic): | |
| status: | Triaged → Fix Released |
| visibility: | private → public |
| Changed in gdm (Ubuntu Karmic): | |
| status: | Triaged → Invalid |
| Changed in onboard (Ubuntu Karmic): | |
| assignee: | nobody → Kees Cook (kees) |
Well, at least having the shell as /bin/true slows things down a little, but not much. Thanks for reporting this, we will get this fixed shortly.