
dx-packages team mailing list archive

[Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

 

d-conf (0.26.0-2ubuntu3) bionic; urgency=medium

  * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch:
    - create the config dir with permissions 700 so it's not world readable
      (lp: #1735929)

 -- Sebastien Bacher <seb128@xxxxxxxxxx>  Thu, 29 Mar 2018 11:01:28 +0200


uh !! bionic-proposed is already at 0.26.1-3ubuntu2

so 0.26.0-2ubuntu3 is supposed to be uploaded to the Artful archive, not
bionic.

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:	Ubuntu 17.10
  Release:	17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I selected only the default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe permissions after the first login:
  drwx------ 11 user user 4096 Dec  2 17:40 .config
  drwx------  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  This is not safe. Any user can access my .config folders and read, for example, my mail databases.

  I tried creating a new user:
  sudo useradd -m user2
  sudo passwd user2
  ... and then logging in.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

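A check for the condition reported in this bug, as an added example that is not part of the original report or of the dconf patch: it flags `.config` and `.local` under a given home directory when the `ls -ld` mode string grants anything to group or other, and can tighten them to 700. The function names `audit_home` and `fix_home` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit per-user config directories for group/other access.
# The directory names (.config, .local) come from the bug report; the
# function names are hypothetical.

# Print "<mode> <path>" for each of HOME/.config and HOME/.local that grants
# any permission bit to group or other. Prints nothing when both are 0700.
audit_home() {
    home=$1
    for name in .config .local; do
        dir=$home/$name
        # Skip symlinks: the target may live elsewhere and has its own mode.
        [ -L "$dir" ] && continue
        [ -d "$dir" ] || continue
        # First 10 characters of the ls -ld mode string, e.g. "drwxr-xr-x";
        # cutting at 10 drops any trailing ACL/SELinux marker ("+" or ".").
        mode=$(ls -ld "$dir" | cut -c1-10)
        # Characters 5-10 are the group and other permission triplets.
        go_bits=$(printf '%s' "$mode" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            printf '%s %s\n' "$mode" "$dir"
        fi
    done
}

# Set every flagged directory to 0700. Only the top-level directory is
# changed; files and subdirectories inside keep their existing modes.
fix_home() {
    audit_home "$1" | while read -r _mode dir; do
        chmod 700 "$dir"
    done
}

# When run as a script, audit each home directory given as an argument.
for h in "$@"; do
    audit_home "$h"
done
```

Directories created after this check runs are still subject to whatever mode the creating program requests, so the audit complements the packaged fix and does not replace it.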