This bug was fixed in the package lightdm - 1.8.4-0ubuntu1
---------------
lightdm (1.8.4-0ubuntu1) saucy-security; urgency=low
[ Marc Deslauriers ]
* SECURITY UPDATE: improper guest account confinement (LP: #1243339)
- CVE-2013-4459
[ Robert Ancell ]
* New upstream release:
- Implement missing guest-wrapper functionality and enable it for Ubuntu.
- Update AppArmor scripts to work in Ubuntu 13.10. (LP: #1243339)
* debian/50-guest-wrapper.conf:
- Configure guest session wrapper to use
lightdm (1.8.3-0ubuntu1) saucy; urgency=low
* New upstream release:
- Correctly set $XDG_SESSION_CLASS for greeters. This was regressed in 1.7.5
for ConsoleKit and was never passed to logind. logind/ConsoleKit treat
greeter sessions without this set as user sessions. This causes greeters
to show the lightdm user able to be logged in with.
(LP: #1242939)
- Set $USER when running the session-setup-script. This is a regression from
1.7.5. (LP: #1245957)
- Fix notification of sessions being logged out. This is a regression from
1.7.5 and caused greeters to show sessions logged in after they had been
logged out. (LP: #1245295)
-- Marc Deslauriers <[email protected]> Mon, 04 Nov 2013 13:35:26
-0500
** Changed in: lightdm (Ubuntu Saucy)
Status: In Progress => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4459
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to lightdm in Ubuntu.
https://bugs.launchpad.net/bugs/1242939
Title:
Greeter shows "LightDM" user due to XDG_SESSION_CLASS not being
provided to logind or ConsoleKit
Status in Light Display Manager:
Fix Released
Status in Light Display Manager 1.8 series:
Fix Released
Status in Light Display Manager 1.9 series:
Fix Released
Status in “lightdm” package in Ubuntu:
Fix Released
Status in “lightdm” source package in Saucy:
Fix Released
Status in “lightdm” source package in Trusty:
Fix Released
Bug description:
XDG_SESSION_CLASS not provided to logind or ConsoleKit.
The ConsoleKit support was regressed in 1.7.5 and it's never been
passed to logind.
Without the greeter being marked as a "greeter" class both logind and
ConsoleKit consider it an open session that must be logged out of
before you can shutdown.
This cases AccountsService to report this user and it is shown in
greeters.
To reproduce:
1. Boot to Unity Greeter
2. Log into guest account
3. Log out of guest account
Expected result:
Greeter shows user list same as before login
Observed result:
A new user is added - "Light Display Manager"
Regression potential:
This variable has not been set when using logind in Ubuntu so a low risk of
other subtle behaviour changes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1242939/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
