*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: gdm I can see there has been some discussion about this already. http://ubuntuforums.org/showthread.php?t=1263757&page=2 - for example However, while on a home desktop computer it may be useful to have a bling face browser login, on a mobile business laptop it most certainly is highly preferable to _not_ display any information about the users configured on a system. The system should NOT revert from not displaying usernames to displaying them, AND IT MUST BE POSSIBLE TO TURN OFF THIS FUNCTIONALITY, currently it is not. Displaying users may inadvertently divulge information about the source of the laptop, and thus increase the desirability of the laptop. It may also divulge information about login ids, which although retrievable by dismantling the computer, is not something that, in general, unix has chosen to display. Looking back even to insecure programs like "telnet", they don't present you with Login (choose one of root, bobj, jim, admin1, system): This is a regression, and should be classified as a security regression. ** Affects: gdm (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- GDM Should not show users before requesting login https://bugs.launchpad.net/bugs/465950 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm in ubuntu. -- desktop-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
