Full Disclosure mailing list archives
Re: Ubuntu, Linux Mint, and the Guest Account
From: Marc Deslauriers <marcdeslauriers () videotron ca>
Date: Sat, 05 May 2012 19:51:33 -0400
On Sat, 2012-05-05 at 19:42 -0400, Jeffrey Walton wrote:
I know there's not much new here, but I am amazed that Ubuntu, Linux Mint and friends ship with a Guest account present and enabled. The Guest account is surreptitiously added through a lightdm configuration file, and is not part of the standard user database. Because its not part of the standard user database, it can't be disabled through /etc/shadow, nor disable it through familiar tools such as userdel and usermod. Additionally, the damn account does not show up in distribution provided tools such as User Accounts applet. To make matters worse, grepping for guest returns 0 results because lightdm.conf does not mention one must add the following to disable the guest account (nothing is required to enable the account): allow-guest=false To add insult to injury, the Guest account is not sandboxed and user home directories lack sufficient ACLs, so the guest account is able to wander through user's home directories:
The guest account should be confined with an AppArmor profile on Ubuntu, which prevents it from accessing other users' directories. Please file a bug if this isn't working correctly for you. Marc. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Ubuntu, Linux Mint, and the Guest Account Jeffrey Walton (May 05)
- Re: Ubuntu, Linux Mint, and the Guest Account Marc Deslauriers (May 05)
- Re: Ubuntu, Linux Mint, and the Guest Account Georgi Guninski (May 07)
- Re: Ubuntu, Linux Mint, and the Guest Account Marc Deslauriers (May 05)
- Re: Ubuntu, Linux Mint, and the Guest Account Marc Deslauriers (May 05)