I double checked there is no guest account but I did a grep for guest in /etc/ and found that a temporary guest account was created then deleted.
*r...@amdx4home[~] #grep guest /etc/* /etc/at.deny:guest /etc/bash_completion:# of Ubuntu's (and Debian's? :() inner weirdness? :) -- David (hanska-guest) grep: /etc/blkid.tab: No such file or directory /etc/group-:guest:x:123: /etc/gshadow-:guest:!:: /etc/passwd-:guest:x:115:123:Guest,,,:/tmp/guest-home.EUt4Kx:/bin/bash /etc/shadow-:guest:*:14892:0:99999:7::: * Check the times for the files* r...@amdx4home[~] #ll /etc/passwd* -rw-r--r-- 1 root root 1.9K 2010-10-09 21:09 /etc/passwd -rw------- 1 root root 2.0K 2010-10-09 20:30 /etc/passwd- * Some how users have found a way to automatically create a guest account that is deleted when they log out. I am continuing to search Google but so far I have not found any information about this great new Ubuntu feature that lets users bypass the security system as setup by the root user. On Sat, Oct 9, 2010 at 9:16 PM, Royce Souther <[email protected]> wrote: > I just found out that anonymous users can login to Ubuntu system even if > they do not have an account. They login to Ubuntu 9.10 as user *guest* but > there is no such account. > > What the hell? This is a very bad security hole. > How is this possible? > How can I stop it? > > -- > Easy, fast GUI development. > http://PerlQt.wikidot.com > -- Easy, fast GUI development. http://PerlQt.wikidot.com
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
