Why is it a foregone conclusion that all users will have physical access to more than a dumb terminal? Is this Microsoft Windows or something?
--- On Fri, 9/3/10, Jamie Strandboge <ja...@ubuntu.com> wrote: From: Jamie Strandboge <ja...@ubuntu.com> Subject: [Bug 618513] Re: gdm allows shutdown when other accounts open To: whatmeurg...@yahoo.com Date: Friday, September 3, 2010, 4:39 PM Unmarking this as a security bug since someone with physical access can turn off the machine via other methods. From https://wiki.ubuntu.com/SecurityTeam/Policies#Reasonable%20Physical%20Access: "While every attempt is made to securely isolate physically local users of a shared computer from one another, the stock Ubuntu installation is not intended to block an attacker with physical access." ** This bug is no longer flagged as a security vulnerability -- gdm allows shutdown when other accounts open https://bugs.launchpad.net/bugs/618513 You received this bug notification because you are a direct subscriber of the bug. Status in “gdm” package in Ubuntu: New Bug description: Binary package hint: gdm 00] Environment - two users logged in. There is a dedicated root-user account, with a dedicated password, and the other users have NO sudoer privileges. 01] User#1 request to shut down the machine using gnome panel applet 02] response is a black screen with authorization window requiring password (picture of keys on left side) and warning that another user is logged in. [[ BTW ### Nothing in the message states which of the three passwords are being requested! ]] 03] Each of the three passwords are tried at least once [[ BTW ### None of the passwords are REPORTED to have been accepted ]] 04] After a final shudder and claim that the password could NOT be authenticated, the authentication window disappears, and the GDM greeter screen appears. [[ HUH?! Did it just 'give up', or did it mis-report a proper password authentification as improper? If so, which password? ]] 05] The GDM greeter allows the computer to be shut down using the button on the right side of the lower panel. [[ But this happedned without authentification !! ]] ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: gdm 2.30.2.is.2.30.0-0ubuntu3 [modified: usr/share/gdm/gdm-greeter-login-window.ui] ProcVersionSignature: Ubuntu 2.6.32-24.39-hostname 2.6.32.15+drm33.5 Uname: Linux 2.6.32-24-generic i686 Architecture: i386 Date: Mon Aug 16 01:07:03 2010 InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429) ProcEnviron: LANG=en_US.utf8 SHELL=/bin/bash SourcePackage: gdm To unsubscribe from this bug, go to: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/618513/+subscribe -- gdm allows shutdown when other accounts open https://bugs.launchpad.net/bugs/618513 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to gdm in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
