mailing list archives
Re: Ubuntu, Linux Mint, and the Guest Account
From: Georgi Guninski <guninski () guninski com>
Date: Mon, 7 May 2012 11:40:51 +0300
On Sat, May 05, 2012 at 07:52:25PM -0400, Marc Deslauriers wrote:
On Sat, 2012-05-05 at 19:42 -0400, Jeffrey Walton wrote:
I know there's not much new here, but I am amazed that Ubuntu, Linux
Mint and friends ship with a Guest account present and enabled.
The Guest account is surreptitiously added through a lightdm
configuration file, and is not part of the standard user database.
Because its not part of the standard user database, it can't be
disabled through /etc/shadow, nor disable it through familiar tools
such as userdel and usermod. Additionally, the damn account does not
show up in distribution provided tools such as User Accounts applet.
To make matters worse, grepping for guest returns 0 results because
lightdm.conf does not mention one must add the following to disable
the guest account (nothing is required to enable the account):
To add insult to injury, the Guest account is not sandboxed and user
home directories lack sufficient ACLs, so the guest account is able to
wander through user's home directories:
The guest account should be confined with an AppArmor profile on Ubuntu,
which prevents it from accessing other users' directories. Please file a
bug if this isn't working correctly for you.
i doubt AppArmor stops all root exploits, though i don't care about
your nonsense much
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/