← Back to team overview

dx-packages team mailing list archive

[Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

 

** Also affects: gnome-session (Ubuntu Bionic)
   Importance: High
     Assignee: Sebastien Bacher (seb128)
       Status: Triaged

** Also affects: dconf (Ubuntu Bionic)
   Importance: High
       Status: Triaged

** Also affects: d-conf (Ubuntu Bionic)
   Importance: High
     Assignee: Sebastien Bacher (seb128)
       Status: Triaged

** Also affects: session-migration (Ubuntu Bionic)
   Importance: High
     Assignee: Didier Roche (didrocks)
       Status: Fix Released

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Triaged
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:	Ubuntu 17.10
  Release:	17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe permissions after the first login:
  drwx------ 11 user user 4096 Dec  2 17:40 .config
  drwx------  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions