Re: Ubuntu, Linux Mint, and the Guest Account

[Jeffrey Walton <noloader () gmail com>]

It appears the Guest account is still allowed to wander around a
'stock' install of Ubuntu. Below are some examples of information
leakage due to the account.

Surely I'm not the only person who thinks its a bad idea to allow
LightDM (a desktop manager) be a user manager or security manager.

And I can't be the only fellow who thinks its a bad idea that the
account is created in a non-standard way. For example, the account is
not in the standard /etc/passwd or /etc/shadow database; and it cannot
be disabled or removed with `usermod` or `userdel`.

Finally, I can't be the only person who thinks adding the account
surreptitiously is a bad idea. For example, grep'ing 'Guest' returns 0
hits because the lightdm config file lacks a comment on the guest
account (and its enabled by default).

Below is from a fresh Ubuntu Server install:
guest-XuxS7j@utility:/$ uname -a
Linux utility.home.pvt 3.2.0-36-generic-pae #57-Ubuntu SMP Tue Jan 8
22:01:06 UTC 2013 i686 i686 i386 GNU/Linux
guest-XuxS7j@utility:/$ whoami
guest-XuxS7j

Information leak follows:
guest-XuxS7j@utility:/$ cd /home/jeffrey
guest-XuxS7j@utility:/home/jeffrey$ pwd
/home/jeffrey
guest-XuxS7j@utility:/home/jeffrey$ cd Documents
guest-XuxS7j@utility:/home/jeffrey/Documents$

Information leak follows:
guest-XuxS7j@utility:/home/jeffrey/Documents$ $ cat foo-bar.txt
cat: foo-bar.txt: No such file or directory
guest-XuxS7j@utility:/home/jeffrey/Documents$ cat Financial-Results-2012.txt
cat: Financial-Results-2012.txt: Permission denied

Root looks clamped:
guest-XuxS7j@utility:/home/jeffrey/Documents$$ cd /root/
bash: cd: /root/: Permission denied

Perhaps Ubuntu should offer an option to *not* enable the Guest
account at install? Perhaps Ubuntu should encrypt all home directories
by default since the Guest account is allowed to wander the file
system?

And fix the path hack
(https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/868363).
There's no reason this program should be on path. Was this program
acceptance tested? The alternative - removing lightdm - creates an
installation that won't boot properly.

On Sat, May 5, 2012 at 7:42 PM, Jeffrey Walton <noloader () gmail com> wrote:
> I know there's not much new here, but I am amazed that Ubuntu, Linux
> Mint and friends ship with a Guest account present and enabled.
>
> The Guest account is surreptitiously added through a lightdm
> configuration file, and is not part of the standard user database.
> Because its not part of the standard user database, it can't be
> disabled through /etc/shadow, nor disable it through familiar tools
> such as userdel and usermod. Additionally, the damn account does not
> show up in distribution provided tools such as User Accounts applet.
>
> To make matters worse, grepping for guest returns 0 results because
> lightdm.conf does not mention one must add the following to disable
> the guest account (nothing is required to enable the account):
>
>     allow-guest=false
>
> To add insult to injury, the Guest account is not sandboxed and user
> home directories lack sufficient ACLs, so the guest account is able to
> wander through user's home directories:
>
> guest-dojMxl@vb-mint-12-x64 ~ $ pwd
> /tmp/guest-dojMxl
> guest-dojMxl@vb-mint-12-x64 ~ $ whoami
> guest-dojMxl
> guest-dojMxl@vb-mint-12-x64 /home/jwalton $ cd /home/
> guest-dojMxl@vb-mint-12-x64 /home $ ls -al
> total 12
> drwxr-xr-x  3 root    root    4096 2012-05-05 16:29 .
> drwxr-xr-x 23 root    root    4096 2012-05-05 16:32 ..
> drwxr-xr-x  5 jwalton jwalton 4096 2012-05-05 16:35 jwalton
> guest-dojMxl@vb-mint-12-x64 ~ $ cd /home/jwalton/
> guest-dojMxl@vb-mint-12-x64 /home/jwalton $ ls -al
> total 28
> drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 .
> drwxr-xr-x 3 root    root    4096 2012-05-05 16:29 ..
> -rw-r--r-- 1 jwalton jwalton  220 2012-05-05 16:29 .bash_logout
> drwx------ 3 jwalton jwalton 4096 2012-05-05 16:35 .cache
> drwxr-xr-x 3 jwalton jwalton 4096 2012-05-05 16:29 .config
> drwxr-xr-x 4 jwalton jwalton 4096 2012-05-05 16:29 .mozilla
> -rw-r--r-- 1 jwalton jwalton  675 2012-05-05 16:29 .profile
> ...
>
>  Is there any reason a KIOSK-like account is enabled by default? Do
> KIOSKs really dominate the desktop market to warrant the account out
> of the box?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/