mailing list archives
Re: Ubuntu, Linux Mint, and the Guest Account
From: Jeffrey Walton <noloader () gmail com>
Date: Sat, 26 Jan 2013 14:44:55 -0500
It appears the Guest account is still allowed to wander around a
'stock' install of Ubuntu. Below are some examples of information
leakage due to the account.
Surely I'm not the only person who thinks it's a bad idea to allow
LightDM (a desktop manager) to be a user manager or security manager.
And I can't be the only fellow who thinks it's a bad idea that the
account is created in a non-standard way. For example, the account is
not in the standard /etc/passwd or /etc/shadow database; and it cannot
be disabled or removed with `usermod` or `userdel`.
Finally, I can't be the only person who thinks adding the account
surreptitiously is a bad idea. For example, grep'ing 'Guest' returns 0
hits because the lightdm config file lacks a comment on the guest
account (and it's enabled by default).
Below is from a fresh Ubuntu Server install:
guest-XuxS7j () utility:/$ uname -a
Linux utility.home.pvt 3.2.0-36-generic-pae #57-Ubuntu SMP Tue Jan 8
22:01:06 UTC 2013 i686 i686 i386 GNU/Linux
guest-XuxS7j () utility:/$ whoami
Information leak follows:
guest-XuxS7j () utility:/$ cd /home/jeffrey
guest-XuxS7j () utility:/home/jeffrey$ pwd
guest-XuxS7j () utility:/home/jeffrey$ cd Documents
guest-XuxS7j () utility:/home/jeffrey/Documents$
Information leak follows:
guest-XuxS7j () utility:/home/jeffrey/Documents$ cat foo-bar.txt
cat: foo-bar.txt: No such file or directory
guest-XuxS7j () utility:/home/jeffrey/Documents$ cat Financial-Results-2012.txt
cat: Financial-Results-2012.txt: Permission denied
Root looks clamped:
guest-XuxS7j () utility:/home/jeffrey/Documents$ cd /root/
bash: cd: /root/: Permission denied
Perhaps Ubuntu should offer an option to *not* enable the Guest
account at install? Perhaps Ubuntu should encrypt all home directories
by default since the Guest account is allowed to wander the file
And fix the path hack
There's no reason this program should be on path. Was this program
acceptance tested? The alternative - removing lightdm - creates an
installation that won't boot properly.
On Sat, May 5, 2012 at 7:42 PM, Jeffrey Walton <noloader () gmail com> wrote:
I know there's not much new here, but I am amazed that Ubuntu, Linux
Mint and friends ship with a Guest account present and enabled.
The Guest account is surreptitiously added through a lightdm
configuration file, and is not part of the standard user database.
Because it's not part of the standard user database, it can't be
disabled through /etc/shadow, nor disabled through familiar tools
such as userdel and usermod. Additionally, the damn account does not
show up in distribution provided tools such as User Accounts applet.
To make matters worse, grepping for guest returns 0 results because
lightdm.conf does not mention one must add the following to disable
the guest account (nothing is required to enable the account):
To add insult to injury, the Guest account is not sandboxed and user
home directories lack sufficient ACLs, so the guest account is able to
wander through user's home directories:
guest-dojMxl () vb-mint-12-x64 ~ $ pwd
guest-dojMxl () vb-mint-12-x64 ~ $ whoami
guest-dojMxl () vb-mint-12-x64 /home/jwalton $ cd /home/
guest-dojMxl () vb-mint-12-x64 /home $ ls -al
drwxr-xr-x 3 root root 4096 2012-05-05 16:29 .
drwxr-xr-x 23 root root 4096 2012-05-05 16:32 ..
drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 jwalton
guest-dojMxl () vb-mint-12-x64 ~ $ cd /home/jwalton/
guest-dojMxl () vb-mint-12-x64 /home/jwalton $ ls -al
drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 .
drwxr-xr-x 3 root root 4096 2012-05-05 16:29 ..
-rw-r--r-- 1 jwalton jwalton 220 2012-05-05 16:29 .bash_logout
drwx------ 3 jwalton jwalton 4096 2012-05-05 16:35 .cache
drwxr-xr-x 3 jwalton jwalton 4096 2012-05-05 16:29 .config
drwxr-xr-x 4 jwalton jwalton 4096 2012-05-05 16:29 .mozilla
-rw-r--r-- 1 jwalton jwalton 675 2012-05-05 16:29 .profile
Is there any reason a KIOSK-like account is enabled by default? Do
KIOSKs really dominate the desktop market to warrant the account out
of the box?
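The two problems described in the posts above (a guest session that LightDM enables because the stock lightdm.conf never mentions the key that turns it off, and home directories whose default permissions let any local account list them) can be audited and corrected with the script below. This is an added example, not code from the original posts or from Ubuntu, Linux Mint or LightDM. It assumes the LightDM configuration layout of that period, where `allow-guest=false` in the `[SeatDefaults]` section of `/etc/lightdm/lightdm.conf` disables the guest session and a missing key means enabled, and it assumes adduser's 0755 default home directory mode; the sample config and home tree used in the function comments are constructed.

```sh
#!/bin/sh
# Added example (not part of the original posts): audit and fix the two
# issues the mail describes on a LightDM-based Ubuntu/Mint install.
#
# 1. LightDM leaves the guest session enabled unless the [SeatDefaults]
#    section of /etc/lightdm/lightdm.conf contains "allow-guest=false".
#    The stock file does not mention the key at all, which is why grepping
#    for "guest" finds nothing.
# 2. The era's adduser default DIR_MODE of 0755 (assumed here) makes every
#    home directory world-readable, so the guest session can list them.

# lightdm_allows_guest FILE
# Prints "yes" when FILE would leave the guest session enabled and "no"
# otherwise. A missing file, a missing key, or a value other than
# false/no/0 counts as enabled, mirroring LightDM's default. Only the
# [SeatDefaults] section is consulted; the key has no effect elsewhere.
lightdm_allows_guest() {
    if [ ! -r "$1" ]; then
        echo yes   # no config at all: LightDM falls back to its default
        return
    fi
    value=$(awk -F= '
        /^[ \t]*\[/ { in_seat = ($0 ~ /^[ \t]*\[SeatDefaults\]/); next }
        in_seat && /^[ \t]*allow-guest[ \t]*=/ {
            v = $2; gsub(/[ \t\r]/, "", v); last = tolower(v)
        }
        END { print last }
    ' "$1" 2>/dev/null)
    case "$value" in
        false|no|0) echo no ;;
        *)          echo yes ;;
    esac
}

# disable_guest FILE
# Rewrites FILE so that [SeatDefaults] carries allow-guest=false, replacing
# any existing allow-guest line in that section and creating the section
# if the file lacks one.
disable_guest() {
    awk '
        /^[ \t]*\[SeatDefaults\]/ {
            print; print "allow-guest=false"; in_seat = 1; done = 1; next
        }
        /^[ \t]*\[/ { in_seat = 0 }
        in_seat && /^[ \t]*allow-guest[ \t]*=/ { next }
        { print }
        END { if (!done) { print "[SeatDefaults]"; print "allow-guest=false" } }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# world_readable_homes DIR
# Lists the immediate subdirectories of DIR (normally /home) whose "other"
# bits grant read or execute, i.e. the homes any local account, including
# the guest session, can list or traverse.
world_readable_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \( -perm -o+r -o -perm -o+x \) | sort
}

# restrict_homes DIR
# Drops the "other" bits from every world-readable home under DIR. Owner
# and group access is left untouched.
restrict_homes() {
    world_readable_homes "$1" | while IFS= read -r home; do
        chmod o-rwx "$home"
    done
}

# audit_system
# Runs both checks against the live system paths (read-only; run
# disable_guest and restrict_homes as root to apply the fixes).
audit_system() {
    conf=/etc/lightdm/lightdm.conf
    echo "guest session enabled: $(lightdm_allows_guest "$conf")"
    echo "world-readable homes:"
    world_readable_homes /home
}

if [ "${1:-}" = "--audit" ]; then
    audit_system
fi
```

Run it as `sh guest-audit.sh --audit` to report on the live system; to apply the fixes, source the file and call `disable_guest /etc/lightdm/lightdm.conf` and `restrict_homes /home` as root, then restart LightDM. The parser deliberately treats an absent key as "enabled", because that is the condition the posts complain about: nothing in the file says so, yet the account is there.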
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.