dx-packages team mailing list archive

Thread
Date

[Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

To: dx-packages@xxxxxxxxxxxxxxxxxxx
From: Jeremy Bicha <jeremy@xxxxxxxxx>
Date: Thu, 29 Mar 2018 12:27:15 -0000
Reply-to: Bug 1735929 <1735929@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

dino99, we can't easily just set the version higher since the
autopkgtest issue is triggered by 0.26.1 and higher versions.

http://autopkgtest.ubuntu.com/packages/n/notify-osd/bionic/armhf

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:	Ubuntu 17.10
  Release:	17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe permissions after the first login:
  drwx------ 11 user user 4096 Dec  2 17:40 .config
  drwx------  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions