kernel-packages team mailing list archive

[Bug 297635] Re: Any user can manage bluetooth devices

 

This is reported against an old version of Ubuntu and many things have
changed since then. Because of that we won't fix this issue; however, if
this behavior repeats on a modern version, please file a bug report
against it and we will take it from there.

** Changed in: bluez (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to bluez in Ubuntu.
https://bugs.launchpad.net/bugs/297635

Title:
  Any user can manage bluetooth devices

Status in bluez package in Ubuntu:
  Invalid

Bug description:
  Binary package hint: bluez-gnome

  This is on Ubuntu 8.10. Using the new Guest session I can manage
  bluetooth devices, e.g. delete them, and the change impacts other
  users on the system.

  Steps to replicate:
  1. Log in as guest.
  2. Go to System -> Preferences -> Bluetooth
  3. Pair with a new device or delete an existing device.
  4. Log out and log in with a regular user. The device list is changed!

  Expected behaviour:
  1. The Guest user should not be able to delete bluetooth devices added by other users!
  2. Potentially, bluetooth devices added by the Guest user should not be added for other users as well and/or retained after the Guest user has logged out.

  Possible solution:
  Create a system-wide bluetooth device/settings list and per-user bluetooth device/settings lists. This way system-critical bluetooth devices can be available to all users (e.g. mouse and keyboard), but can only be added/deleted by root (and any device could be marked as such directly from the bluetooth panel by giving the sudo password), and each user has their own bluetooth devices which they can add/delete at will. This way any bluetooth devices added by Guest would be erased after they log out and would not show up for other users at all.

  This "per user" behaviour would be expected from an application which
  can be run by any user without giving the sudo/root password.

  Maybe I should report this directly to the maintainers of bluez-gnome
  as well?
