back to article Mi casa es su casa: Ubuntu bug makes 'guests' anything but

Recent versions of the Ubuntu Linux distro fail to limit system access for guest accounts. This according to developer Tyler Hicks, who reported a bug that allows guest users to roam free of the confines expected to be placed on system access for guests. Ideally, guest users should be restricted to a small temporary …

  1. frank ly

    More work

    "Ubuntu's default settings allow users to read other local users' files ..."

    That's another bad thing but at least the 'administrator' can modify and lock down any inter-user access.

    1. Anonymous Coward
      Anonymous Coward

      Re: More work

      I'm impressed.

      Something permissions wise that Windows does better.

      1. Daniel B.

        Re: More work

        Actually, a properly configured Linux system has user directories permissions set as 640 by default.

        1. Peter Rathlev

          Re: More work

          "... directories permissions set as 640 by default".

          That would of course be 0750.

  2. Paul Crawford Silver badge

    Flaky guest account

    The "guest account" has always been a mixed bag as far as security is concerned, but clearly someone has screwed up here and deserves to be spanked. A systemd-related change perhaps?

    On the one hand it is a good idea that guests can use a machine without widespread access, and once they log out their own privacy is maintained by deleting the account. However, there are some aspects that are security issues (I guess why GCHQ advise disabling it):

    1) If using a corporate VPN on boot, then they are in without user log in (even if internal resources should be checking credentials as well)

    2) Typically the guest area is a fuse loop-back mount in /tmp but that allows execution even if /tmp has been mounted noexec, etc.

    3) The implementation creates random-ish UID/GID values but on a system crash (think - person switching off machine without guest logging off) these accumulate as they don't get purged.

    See also https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts where they also advise that all usual user accounts should have 'other' access removes (e.g. chmod o-rx /home/*)

    1. gypsythief

      Re: Flaky guest account

      "A systemd-related change perhaps?"

      Yay! Poettering's Law* invoked by the second comment!

      *Poettering's Law: the idea that as an online discussion grows longer about a flaw in Linux, eventually _someone_ will blame systemd**

      (**Not that I like it either.)

      1. Paul Crawford Silver badge

        Re: Flaky guest account

        Well considering the number of things that systemd forced changes upon that were then broken, its a reasonable starting point:

        https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1535840

        https://bugs.launchpad.net/ubuntu/+source/watchdog/+bug/1448924

        https://bugs.launchpad.net/ubuntu/+source/watchdog/+bug/1535854

      2. Anonymous Coward
        Anonymous Coward

        Re: Poettering's Law

        It's Godwin's not Hitler's Law ergo it shouldn't be Poettering's Law.

        And coming back to Linux after nearly 15 years* away, Poettering the Tool has been responsible for the only issues I've had in the last 12 months; system-fucking-d and bastard pulse audio, can't Microsoft give him a job? Or Facebook? Or Google? Please won't someone give him a job so he doesn't meddle with Linux

        *Not at Her Majesty's, just seduced by the Dark Side

      3. DropBear

        Re: Flaky guest account

        "Yay! Poettering's Law* invoked by the second comment!"

        Except Godwin is not applicable if you're actually discussing Nazis, so neither is "Poettering", considering this really does look like a systemd issue: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1663157

      4. Redstone

        Re: Poettering's Law*

        of course people are going to blame systemd, given how much software has it as a dependency. That is kind of what forced so many distros to adopt it in the first place...

        1. bombastic bob Silver badge
          Devil

          Re: Poettering's Law*

          I just loaded Mate on FBSD 11 along with a bunch of other stuff. no systemd here... though 'atril' gave me a ration of crap when I tried to run it from a different user, the way I always do - you know, log into a mate shell, "su - whateveruser", then "setenv DISPLAY localhost:0.0" (already ran xhost +localhost), then you can use "that user" with whatever GUI stuff you want... except Atril choked on it for some reason related to dbus. But it works fine when run as the logged in user. I blame SYSTEMD DEPENDENCIES in the application! [I suspect that workarounds are patched into the various applications that *FEEL* they need systemd]

      5. Doctor Syntax Silver badge

        Re: Flaky guest account

        Poettering's Law: the idea that as an online discussion grows longer about a flaw in Linux, eventually _someone_ will irrefutably pin the blame on systemd

        FTFT

      6. Mage Silver badge

        Re: Flaky guest account

        Just disable Guest. ON EVERY OS

        Though Win 1.x 2.x 3.x, Win9x you only had to hit cancel. The log on only affected network access.

    2. oiseau
      Facepalm

      Re: Flaky guest account

      Hello:

      "A systemd-related change perhaps?"

      Really can't say ...

      But would not be at all surprised if it were so.

      Cheers and a good weekend.

    3. Fatman

      Re: Flaky guest account

      <quote>See also https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts where they also advise that all usual user accounts should have 'other' access removes (e.g. chmod o-rx /home/*)</quote>

      I can think of one reason why you would not want to do that: """shared"""1 files.

      I have some 'media files' located on my home partition that I want to make available to a 'guest' user, or others who have accounts on the box.

      1 In the sense that I "own" the files, and have set the 'others' permissions to 'r--' (read only). this way, valuable disk space isn't eaten up by duplicates.

  3. Anonymous Coward
    Anonymous Coward

    "We can only imagine the pointing and laughing"

    As the comments so far demonstrate, it will go mostly unnoticed, after all only those using Ubuntu among the 2.4% of Linux desktop users are impacted... so, really, a very limited issue...

    1. Kurt Meyer

      Re: "We can only imagine the pointing and laughing"

      @ LDS

      "after all only those using Ubuntu among the 2.4% of Linux desktop users are impacted ..."

      Correct me if I'm wrong, but I seem to recall that there is a distribution derived from Ubuntu, or perhaps I misremember.

      1. Korev Silver badge

        Re: "We can only imagine the pointing and laughing"

        Yep, Mint. I don't know if it's affected by this though.

        1. wub

          Re: "We can only imagine the pointing and laughing"

          "Yep, Mint. I don't know if it's affected by this though."

          For once, I think this is a security problem that does not include Mint. At any rate the instance of Mint on this laptop does not have a guest account, and I'm pretty sure that is stock, not my handiwork. Could be wrong, and I'm sure someone will be happy to point out if I am.

      2. Ben Trabetere

        Re: "We can only imagine the pointing and laughing"

        @ Kurt Meyer

        "Correct me if I'm wrong, but I seem to recall that there is a distribution derived from Ubuntu, or perhaps I misremember."

        Aren't all of them based on Ubuntu LTS? The affected versions are not LTS.

        1. Kurt Meyer

          Re: "We can only imagine the pointing and laughing"

          @ Ben Trabetere

          Thanks Ben, you are correct, I plead guilty to skimming the article. I should have read it more carefully.

    2. Scroticus Canis
      Facepalm

      Re: "We can only imagine the pointing and laughing"

      Artful Aardvark or Abject Aardvark? ROFL.

  4. Korev Silver badge

    SSH?

    The bug, of course, could be considered a security flaw as it would allow anyone with local access to an Ubuntu machine access to any sensitive files and data on the host machine.

    Does Ubuntu* restrict guest logins to users sitting physically on the machine or can anyone with SSH or a remote vulnerability get in?

    *More of a RHEL man myself, hence the question

  5. present_arms

    Not on Ubuntu so I don't know the definitive answer, but having guest as a SSH enabled user would be a brain dead thing to do to me, especially with the way Ubuntu handles sudo.

  6. Andrew Jones 2

    It's bad - but it's not like the ludicrous decision of Microsoft in Windows XP to launch the Accessibility tools with SYSTEM account privileges when you click on the button on the login screen - which of course enables someone with a USB flash disk - to boot to anything that lets you access the filesystem rename Utilman make a copy of cmd called Utilman and reboot - and then of course at the login screen click the button and change the password of any account on the system.

    Reading other users' files is bad - but it's not complete system ownership in 60 seconds. (Something which by the way - even now - still hasn't been patched)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like