← Back to team overview

desktop-packages team mailing list archive

  1. desktop-packages team
  2. Mailing list archive
  3. Message #67130

[Bug 882862] Re: Guest account can read/write in /media/

  Thread PreviousDate PreviousThread Next 
precise got a new version now, should be fixed there:

lightdm (1.1.1-0ubuntu1) precise; urgency=low

  * New upstream release:
    * Support PAM requesting a change of password (lp: #911597)
    * Support for reading users' backgrounds from Accounts Service
      (lp: #844081)
    * Switching to a user without a password bypasses the greeter
      (lp: #861177)
    * Move the GTK+ and Qt greeters into their own projects
  * Drop the gtk and qt greeters packaging files from this source
  * debian/liblightdm-gobject-1-0.symbols:
    - list new lightdm_user_get_background symbol
  * debian/patches/04_CVE-2011-4105.patch,
    debian/patches/05_CVE-2011-3153.patch,
    debian/patches/09_show_lang_chooser_option.patch,
    debian/patches/10_available_languages.patch,
    debian/patches/11_set_language_in_accountsservice.patch:
    - dropped, those issues are fixed in the new version or apply to the
      gtk greeter which is moved to its own source
  * debian/rules:
    - install lightdm-set-defaults back to its previous location


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3153

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-4105

** Changed in: lightdm (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/882862

Title:
  Guest account can read/write in /media/

Status in “lightdm” package in Ubuntu:
  Fix Released

Bug description:
  The guest account can everything under /media/.
  Is the guest account really supposed to be able to access and read all the files on the host computer?

  If yes, then is the guest account really really supposed to be able to write to /media/ ?
  Shouldn't the guest be limited to his temporary home in /tmp/ ?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/882862/+subscriptions
  Thread PreviousDate PreviousThread Next