Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)
If you’re running a fully up-to-date system you do not need to panic. Canonical has already pushed out a update that temporarily disables Ubuntu guest session logins (so if you noticed it was missing, that’s why)." See the bug report for details on this issue, which was reported in February.
Posted May 16, 2017 16:20 UTC (Tue)
by ledow (guest, #11753)
[Link] (1 responses)
"I don't see a way to get `systemd --user` to transition to another profile when launching processes inside of the session but I could be missing something."
Sigh.
Though I suppose there is a chance it was simple user-error, someone hasn't been checking the security despite there being names mentioned for having worked on "guests with systemd", and systemd doesn't appear to offer the flexibility available under previous systems, and some sensible change is still pending to the point that they just turn off the functionality entirely.
It also smells suspiciously like - however this is just conjecture - the difficulties in setting up AppArmor profiles for systemd guest sessions meant that in the end someone just left it "unconfined" in order to make it work properly.
The levels of complexity involved in logging in a temporal, limited guest user on a working system seem to be vastly complicated by the security infrastructure in place, not helped by it.
Would an "ordinary user" on a classic-init system even with AppArmor really be that difficult to constrain?
Posted May 16, 2017 18:31 UTC (Tue)
by tyhicks (subscriber, #39069)
[Link]
Before 16.10, upstart was happy to let LightDM be fully in charge of spawning processes for the guest session and AppArmor confinement was automatically set up when the /usr/lib/lightdm/lightdm-guest-session binary was executed.
When user sessions moved under systemd in 16.10, some of the processes for the guest session were spawned by systemd and some continued to be spawned by LightDM. The processes spawned by LightDM were confined but the processes spawned by systemd weren't confined because they weren't configured to be confined. It was an oversight that nobody caught. I only noticed when walking through the test plan for uploading a new apparmor package to Ubuntu.
As for AppArmor confinement of an "ordinary user", it is possible today with pam_apparmor and there are users that do it in production environments. However, there aren't a lot of users that use it and it isn't quite as polished as it should be.
Posted May 16, 2017 22:29 UTC (Tue)
by ramast (guest, #98631)
[Link] (3 responses)
Posted May 16, 2017 22:52 UTC (Tue)
by jbicha (subscriber, #75043)
[Link] (1 responses)
Posted May 17, 2017 15:17 UTC (Wed)
by rriggs (guest, #11598)
[Link]
Posted May 18, 2017 13:42 UTC (Thu)
by tao (subscriber, #17563)
[Link]
Posted May 17, 2017 1:46 UTC (Wed)
by biergaizi (guest, #92498)
[Link] (1 responses)
Posted May 17, 2017 3:27 UTC (Wed)
by BlueLightning (subscriber, #38978)
[Link]
Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)
Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)
Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)
Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)
Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)
Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)
Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)
Security flaw in Ubuntu login screen could let anyone access your files (OMG! Ubuntu!)