Re: Ubuntu, Linux Mint, and the Guest Account

[Marc Deslauriers <marcdeslauriers () videotron ca>]

On Sat, 2012-05-05 at 19:42 -0400, Jeffrey Walton wrote:
> I know there's not much new here, but I am amazed that Ubuntu, Linux
> Mint and friends ship with a Guest account present and enabled.
>
> The Guest account is surreptitiously added through a lightdm
> configuration file, and is not part of the standard user database.
> Because its not part of the standard user database, it can't be
> disabled through /etc/shadow, nor disable it through familiar tools
> such as userdel and usermod. Additionally, the damn account does not
> show up in distribution provided tools such as User Accounts applet.
>
> To make matters worse, grepping for guest returns 0 results because
> lightdm.conf does not mention one must add the following to disable
> the guest account (nothing is required to enable the account):
>
>     allow-guest=false
>
> To add insult to injury, the Guest account is not sandboxed and user
> home directories lack sufficient ACLs, so the guest account is able to
> wander through user's home directories:

The guest account should be confined with an AppArmor profile on Ubuntu,
which prevents it from accessing other users' directories. Please file a
bug if this isn't working correctly for you.

Marc.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/