Full Disclosure mailing list archives
Re: Ubuntu, Linux Mint, and the Guest Account
From: Jeffrey Walton <noloader () gmail com>
Date: Sat, 26 Jan 2013 14:44:55 -0500
It appears the Guest account is still allowed to wander around a 'stock' install of Ubuntu. Below are some examples of information leakage due to the account.

Surely I'm not the only person who thinks it's a bad idea to allow LightDM (a desktop manager) to be a user manager or security manager. And I can't be the only fellow who thinks it's a bad idea that the account is created in a non-standard way. For example, the account is not in the standard /etc/passwd or /etc/shadow database; and it cannot be disabled or removed with `usermod` or `userdel`.

Finally, I can't be the only person who thinks adding the account surreptitiously is a bad idea. For example, grep'ing 'Guest' returns 0 hits because the lightdm config file lacks a comment on the guest account (and it's enabled by default).

Below is from a fresh Ubuntu Server install:

    guest-XuxS7j@utility:/$ uname -a
    Linux utility.home.pvt 3.2.0-36-generic-pae #57-Ubuntu SMP Tue Jan 8 22:01:06 UTC 2013 i686 i686 i386 GNU/Linux
    guest-XuxS7j@utility:/$ whoami
    guest-XuxS7j

Information leak follows:

    guest-XuxS7j@utility:/$ cd /home/jeffrey
    guest-XuxS7j@utility:/home/jeffrey$ pwd
    /home/jeffrey
    guest-XuxS7j@utility:/home/jeffrey$ cd Documents
    guest-XuxS7j@utility:/home/jeffrey/Documents$

Information leak follows:

    guest-XuxS7j@utility:/home/jeffrey/Documents$ $ cat foo-bar.txt
    cat: foo-bar.txt: No such file or directory
    guest-XuxS7j@utility:/home/jeffrey/Documents$ cat Financial-Results-2012.txt
    cat: Financial-Results-2012.txt: Permission denied

Root looks clamped:

    guest-XuxS7j@utility:/home/jeffrey/Documents$$ cd /root/
    bash: cd: /root/: Permission denied

Perhaps Ubuntu should offer an option to *not* enable the Guest account at install? Perhaps Ubuntu should encrypt all home directories by default since the Guest account is allowed to wander the file system?

And fix the path hack (https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/868363). There's no reason this program should be on path. Was this program acceptance tested?
The alternative - removing lightdm - creates an installation that won't boot properly.

On Sat, May 5, 2012 at 7:42 PM, Jeffrey Walton <noloader () gmail com> wrote:
I know there's not much new here, but I am amazed that Ubuntu, Linux Mint and friends ship with a Guest account present and enabled.

The Guest account is surreptitiously added through a lightdm configuration file, and is not part of the standard user database. Because it's not part of the standard user database, it can't be disabled through /etc/shadow, nor disabled through familiar tools such as userdel and usermod. Additionally, the damn account does not show up in distribution provided tools such as the User Accounts applet.

To make matters worse, grepping for guest returns 0 results because lightdm.conf does not mention one must add the following to disable the guest account (nothing is required to enable the account):

    allow-guest=false

To add insult to injury, the Guest account is not sandboxed and user home directories lack sufficient ACLs, so the guest account is able to wander through users' home directories:

    guest-dojMxl@vb-mint-12-x64 ~ $ pwd
    /tmp/guest-dojMxl
    guest-dojMxl@vb-mint-12-x64 ~ $ whoami
    guest-dojMxl
    guest-dojMxl@vb-mint-12-x64 /home/jwalton $ cd /home/
    guest-dojMxl@vb-mint-12-x64 /home $ ls -al
    total 12
    drwxr-xr-x  3 root    root    4096 2012-05-05 16:29 .
    drwxr-xr-x 23 root    root    4096 2012-05-05 16:32 ..
    drwxr-xr-x  5 jwalton jwalton 4096 2012-05-05 16:35 jwalton
    guest-dojMxl@vb-mint-12-x64 ~ $ cd /home/jwalton/
    guest-dojMxl@vb-mint-12-x64 /home/jwalton $ ls -al
    total 28
    drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 .
    drwxr-xr-x 3 root    root    4096 2012-05-05 16:29 ..
    -rw-r--r-- 1 jwalton jwalton  220 2012-05-05 16:29 .bash_logout
    drwx------ 3 jwalton jwalton 4096 2012-05-05 16:35 .cache
    drwxr-xr-x 3 jwalton jwalton 4096 2012-05-05 16:29 .config
    drwxr-xr-x 4 jwalton jwalton 4096 2012-05-05 16:29 .mozilla
    -rw-r--r-- 1 jwalton jwalton  675 2012-05-05 16:29 .profile
    ...

Is there any reason a KIOSK-like account is enabled by default? Do KIOSKs really dominate the desktop market to warrant the account out of the box?
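The two fixes the thread asks for, disabling the guest session with allow-guest=false and closing home directories that grant "other" read and traverse permission, as an added audit and hardening script. This is not code from the post, from Ubuntu or from LightDM. It assumes LightDM reads /etc/lightdm/lightdm.conf and honours allow-guest=false in its [SeatDefaults] section (the section name is an assumption; the post names only the key), and it parses the mode column of `ls -ld` to find home directories with non-empty "other" bits. The demo() function runs everything on a constructed scratch tree so it can be tried without root.

```shell
#!/bin/sh
# Added audit/hardening example; not code from the post or from LightDM/Ubuntu.
# Assumptions: LightDM reads /etc/lightdm/lightdm.conf and honours
# allow-guest=false under [SeatDefaults]; home directories sit under one
# parent (normally /home). demo() exercises it on a constructed temp tree.

# guest_allowed CONF -> "no" if CONF holds an active allow-guest=false line,
# "yes" otherwise. A missing file or a commented-out key still yields "yes",
# matching the post: nothing has to be added to enable the account.
guest_allowed() {
    if [ -f "$1" ] && grep -Eq '^[[:space:]]*allow-guest[[:space:]]*=[[:space:]]*false[[:space:]]*$' "$1"; then
        echo no
    else
        echo yes
    fi
}

# world_readable_homes DIR -> one line per immediate subdirectory of DIR whose
# "other" permission triplet is not "---" (the drwxr-xr-x case in the post).
world_readable_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        other=$(ls -ld "$d" | cut -c8-10)   # columns 8-10 of the mode string
        if [ "$other" != "---" ]; then
            echo "$d"
        fi
    done
    return 0
}

# harden_homes DIR -> strip every "other" bit from each home under DIR so a
# guest session (or any other unprivileged user) can neither list nor enter it.
harden_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] && chmod o-rwx "${d%/}"
    done
    return 0
}

# disable_guest CONF -> insert allow-guest=false right after [SeatDefaults],
# creating the section if the file lacks it. Idempotent.
disable_guest() {
    conf="$1"
    if [ "$(guest_allowed "$conf")" = no ]; then
        return 0
    fi
    if [ -f "$conf" ] && grep -q '^\[SeatDefaults\]' "$conf"; then
        awk '{ print } /^\[SeatDefaults\]/ && !done { print "allow-guest=false"; done = 1 }' \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    else
        printf '[SeatDefaults]\nallow-guest=false\n' >> "$conf"
    fi
}

# demo: constructed scratch tree (fake lightdm.conf, two home dirs) showing
# the checks before and after hardening.
demo() {
    t=$(mktemp -d)
    printf '[SeatDefaults]\ngreeter-session=unity-greeter\n' > "$t/lightdm.conf"
    mkdir -p "$t/home/jwalton" "$t/home/locked"
    chmod 755 "$t/home/jwalton"    # the default mode the post complains about
    chmod 700 "$t/home/locked"
    echo "guest allowed before: $(guest_allowed "$t/lightdm.conf")"
    echo "world-readable homes before: $(world_readable_homes "$t/home")"
    disable_guest "$t/lightdm.conf"
    harden_homes "$t/home"
    echo "guest allowed after:  $(guest_allowed "$t/lightdm.conf")"
    echo "world-readable homes after: $(world_readable_homes "$t/home")"
    rm -rf "$t"
}

demo
```

Against a real system the calls are `disable_guest /etc/lightdm/lightdm.conf` and `harden_homes /home`, both as root; the config change takes effect the next time LightDM starts. Note that removing the "other" execute bit on a home directory also blocks any daemon running as a different user that needs to traverse it (a web server serving ~/public_html, for instance), so check for that before hardening every home in one pass.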
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/