Thanks for taking the time to report this bug and helping to make Ubuntu
better. This is not a bug, but rather expected behavior:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Rescue_Mode
Please feel free to report any other bugs you may find.
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
** Changed in: gnome-session (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/974501
Title:
root access on tty7 after Gnome3 crash
Status in “gnome-session” package in Ubuntu:
Invalid
Bug description:
Pardon my bad english.
> lsb_release -rd
Description: Ubuntu 11.10
Release: 11.10
After Gnome3 crashed and Restarting the Console via [ALT]+[SysRQ]+[K]
I expected gdm running on tty7, showing login prompt.
Instead, I found root already logged in on tty7 and gdm running on
tty8.
To reproduce this bug, I do the following:
1. reboot
2. log in as an unprivileged user in gdm using GNOME Session
3. Navigate to https://extensions.gnome.org/#page=2 and activate the CPU
Temperature Indicator (which I know will not work due to lack of lm-sensors
support in my Laptop). Other things to make Gnome crash will probably work as
well.
4. Gnome will crash as expected
5. Press [ALT}+[SysRq]+K to Restart the tty7
6. Via [CTRL]+[ALT]+[F1] to Via [CTRL]+[ALT]+[F8] I observe the following:
tty1-6 show the login promt. GDM now running on tty8 !
tty7 shows:
===================================
General error mounting file systems.
A maintainance shell will now be started.
CONTROL-D will terminate this shell and reboot the system.
root@Theoderich:~#
===================================
where Theoderich is my hostname. The screen is messed up a little but
I can type shell comands. From this prompt I could execute any root
command though I never authenticated via sudo or login-as-root
Using the above steps I can safely reproduce this "maintainance shell"
on tty7. I have observed it on other occasions as well, generally
connected to a previous Gnome 3 Crash. For example when using the
compiz-fusion-icon, which, of course, is stupid, but gives me root
access on tty7. I dont't think it is just a matter of gnome shell
extensions because I observed the root access on other occasions as
well, not knowing then how to reproduce this.
Linux should not allow gnome or any other application to open a root
shell (even not a maintainance shell) without authentication.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/974501/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
