It appears the Guest account is still allowed to wander around a 'stock' install of Ubuntu. Below are some examples of information leakage due to the account.
Surely I'm not the only person who thinks its a bad idea to allow LightDM (a desktop manager) be a user manager or security manager. And I can't be the only fellow who thinks its a bad idea that the account is created in a non-standard way. For example, the account is not in the standard /etc/passwd or /etc/shadow database; and it cannot be disabled or removed with `usermod` or `userdel`. Finally, I can't be the only person who thinks adding the account surreptitiously is a bad idea. For example, grep'ing 'Guest' returns 0 hits because the lightdm config file lacks a comment on the guest account (and its enabled by default). Below is from a fresh Ubuntu Server install: guest-XuxS7j@utility:/$ uname -a Linux utility.home.pvt 3.2.0-36-generic-pae #57-Ubuntu SMP Tue Jan 8 22:01:06 UTC 2013 i686 i686 i386 GNU/Linux guest-XuxS7j@utility:/$ whoami guest-XuxS7j Information leak follows: guest-XuxS7j@utility:/$ cd /home/jeffrey guest-XuxS7j@utility:/home/jeffrey$ pwd /home/jeffrey guest-XuxS7j@utility:/home/jeffrey$ cd Documents guest-XuxS7j@utility:/home/jeffrey/Documents$ Information leak follows: guest-XuxS7j@utility:/home/jeffrey/Documents$ $ cat foo-bar.txt cat: foo-bar.txt: No such file or directory guest-XuxS7j@utility:/home/jeffrey/Documents$ cat Financial-Results-2012.txt cat: Financial-Results-2012.txt: Permission denied Root looks clamped: guest-XuxS7j@utility:/home/jeffrey/Documents$$ cd /root/ bash: cd: /root/: Permission denied Perhaps Ubuntu should offer an option to *not* enable the Guest account at install? Perhaps Ubuntu should encrypt all home directories by default since the Guest account is allowed to wander the file system? And fix the path hack (https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/868363). There's no reason this program should be on path. Was this program acceptance tested? The alternative - removing lightdm - creates an installation that won't boot properly. On Sat, May 5, 2012 at 7:42 PM, Jeffrey Walton <[email protected]> wrote: > I know there's not much new here, but I am amazed that Ubuntu, Linux > Mint and friends ship with a Guest account present and enabled. > > The Guest account is surreptitiously added through a lightdm > configuration file, and is not part of the standard user database. > Because its not part of the standard user database, it can't be > disabled through /etc/shadow, nor disable it through familiar tools > such as userdel and usermod. Additionally, the damn account does not > show up in distribution provided tools such as User Accounts applet. > > To make matters worse, grepping for guest returns 0 results because > lightdm.conf does not mention one must add the following to disable > the guest account (nothing is required to enable the account): > > allow-guest=false > > To add insult to injury, the Guest account is not sandboxed and user > home directories lack sufficient ACLs, so the guest account is able to > wander through user's home directories: > > guest-dojMxl@vb-mint-12-x64 ~ $ pwd > /tmp/guest-dojMxl > guest-dojMxl@vb-mint-12-x64 ~ $ whoami > guest-dojMxl > guest-dojMxl@vb-mint-12-x64 /home/jwalton $ cd /home/ > guest-dojMxl@vb-mint-12-x64 /home $ ls -al > total 12 > drwxr-xr-x 3 root root 4096 2012-05-05 16:29 . > drwxr-xr-x 23 root root 4096 2012-05-05 16:32 .. > drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 jwalton > guest-dojMxl@vb-mint-12-x64 ~ $ cd /home/jwalton/ > guest-dojMxl@vb-mint-12-x64 /home/jwalton $ ls -al > total 28 > drwxr-xr-x 5 jwalton jwalton 4096 2012-05-05 16:35 . > drwxr-xr-x 3 root root 4096 2012-05-05 16:29 .. > -rw-r--r-- 1 jwalton jwalton 220 2012-05-05 16:29 .bash_logout > drwx------ 3 jwalton jwalton 4096 2012-05-05 16:35 .cache > drwxr-xr-x 3 jwalton jwalton 4096 2012-05-05 16:29 .config > drwxr-xr-x 4 jwalton jwalton 4096 2012-05-05 16:29 .mozilla > -rw-r--r-- 1 jwalton jwalton 675 2012-05-05 16:29 .profile > ... > > Is there any reason a KIOSK-like account is enabled by default? Do > KIOSKs really dominate the desktop market to warrant the account out > of the box? _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
