More work
"Ubuntu's default settings allow users to read other local users' files ..."
That's another bad thing but at least the 'administrator' can modify and lock down any inter-user access.
Recent versions of the Ubuntu Linux distro fail to limit system access for guest accounts. This according to developer Tyler Hicks, who reported a bug that allows guest users to roam free of the confines expected to be placed on system access for guests. Ideally, guest users should be restricted to a small temporary …
The "guest account" has always been a mixed bag as far as security is concerned, but clearly someone has screwed up here and deserves to be spanked. A systemd-related change perhaps?
On the one hand it is a good idea that guests can use a machine without widespread access, and once they log out their own privacy is maintained by deleting the account. However, there are some aspects that are security issues (I guess why GCHQ advise disabling it):
1) If using a corporate VPN on boot, then they are in without user log in (even if internal resources should be checking credentials as well)
2) Typically the guest area is a fuse loop-back mount in /tmp but that allows execution even if /tmp has been mounted noexec, etc.
3) The implementation creates random-ish UID/GID values but on a system crash (think - person switching off machine without guest logging off) these accumulate as they don't get purged.
See also https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts where they also advise that all usual user accounts should have 'other' access removed (e.g. chmod o-rx /home/*)
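The `chmod o-rx /home/*` advice cited in the comment above, as an added example that is not part of the thread: a small audit-then-fix script that first reports which home directories still grant 'other' read or traverse access, then removes only those bits. The function names are hypothetical, and it assumes GNU coreutils `stat` (as shipped on Ubuntu); pass a scratch directory instead of `/home` to try it safely.

```shell
#!/bin/sh
# Added example: audit and tighten 'other' access on home directories.
# Assumes GNU stat (stat -c '%a'), as on Ubuntu. BASE defaults to /home.

# Print "MODE PATH" for each directory directly under BASE whose 'other'
# permission bits include read (4) or execute/traverse (1).
audit_other_access() {
    base=${1:-/home}
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue        # glob matched nothing
        dir=${dir%/}
        [ -L "$dir" ] && continue        # skip symlinks; chmod would follow them
        mode=$(stat -c '%a' "$dir") || continue
        other=${mode#"${mode%?}"}        # last octal digit holds the 'other' bits
        if [ $(( other & 5 )) -ne 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
        fi
    done
}

# Number of directories under BASE that still expose 'other' access.
count_other_access() {
    audit_other_access "$1" | wc -l | tr -d ' '
}

# Apply the equivalent of `chmod o-rx` to the flagged directories only,
# so directories that are already locked down are left untouched.
lock_down_homes() {
    base=${1:-/home}
    audit_other_access "$base" | while read -r _mode dir; do
        chmod o-rx "$dir"
    done
}

# Typical use (the second command needs root for /home):
#   audit_other_access /home
#   lock_down_homes /home
```

Removing traverse permission on the top-level home directory also cuts off files inside it that are themselves world-readable, which is the shared-files trade-off raised later in the thread.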
Well, considering the number of things that systemd forced changes upon that were then broken, it's a reasonable starting point:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1535840
https://bugs.launchpad.net/ubuntu/+source/watchdog/+bug/1448924
https://bugs.launchpad.net/ubuntu/+source/watchdog/+bug/1535854
It's Godwin's not Hitler's Law ergo it shouldn't be Poettering's Law.
And coming back to Linux after nearly 15 years* away, Poettering the Tool has been responsible for the only issues I've had in the last 12 months: system-fucking-d and bastard pulse audio. Can't Microsoft give him a job? Or Facebook? Or Google? Please won't someone give him a job so he doesn't meddle with Linux?
*Not at Her Majesty's, just seduced by the Dark Side
"Yay! Poettering's Law* invoked by the second comment!"
Except Godwin is not applicable if you're actually discussing Nazis, so neither is "Poettering", considering this really does look like a systemd issue: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/1663157
I just loaded Mate on FBSD 11 along with a bunch of other stuff. No systemd here... though 'atril' gave me a ration of crap when I tried to run it from a different user, the way I always do - you know, log into a mate shell, "su - whateveruser", then "setenv DISPLAY localhost:0.0" (already ran xhost +localhost), then you can use "that user" with whatever GUI stuff you want... except Atril choked on it for some reason related to dbus. But it works fine when run as the logged in user. I blame SYSTEMD DEPENDENCIES in the application! [I suspect that workarounds are patched into the various applications that *FEEL* they need systemd]
"See also https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1604-lts where they also advise that all usual user accounts should have 'other' access removed (e.g. chmod o-rx /home/*)"
I can think of one reason why you would not want to do that: """shared"""[1] files.
I have some 'media files' located on my home partition that I want to make available to a 'guest' user, or others who have accounts on the box.
[1] In the sense that I "own" the files, and have set the 'others' permissions to 'r--' (read only). This way, valuable disk space isn't eaten up by duplicates.
"Yep, Mint. I don't know if it's affected by this though."
For once, I think this is a security problem that does not include Mint. At any rate the instance of Mint on this laptop does not have a guest account, and I'm pretty sure that is stock, not my handiwork. Could be wrong, and I'm sure someone will be happy to point out if I am.
The bug, of course, could be considered a security flaw as it would allow anyone with local access to an Ubuntu machine access to any sensitive files and data on the host machine.
Does Ubuntu* restrict guest logins to users sitting physically on the machine or can anyone with SSH or a remote vulnerability get in?
*More of a RHEL man myself, hence the question
It's bad - but it's not like the ludicrous decision of Microsoft in Windows XP to launch the Accessibility tools with SYSTEM account privileges when you click on the button on the login screen - which of course enables someone with a USB flash disk - to boot to anything that lets you access the filesystem rename Utilman make a copy of cmd called Utilman and reboot - and then of course at the login screen click the button and change the password of any account on the system.
Reading other users' files is bad - but it's not complete system ownership in 60 seconds. (Something which by the way - even now - still hasn't been patched)