Originally we deliberately allowed that so that guest users can use a USB stick to do things like editing documents there or keeping their Firefox config. See the profile:

  /media/** rmwlixk, # we want access to USB sticks and the like

However, this should certainly be limited to the guest user's own devices. We already shield users from each other by mounting VFAT devices with dmask=0077, and ext4 devices have their own ACLs anyway. That of course breaks down if you have custom /etc/fstab rules which allow anyone to write there.

I think we can tighten this up with

  owner /media/** rmwlixk,

This would break desired access to e.g. ext4 external hard disks, but that might be a smaller use case.

--
https://bugs.launchpad.net/bugs/882862

Title:
  Guest account can read/write in /media/

Status in “lightdm” package in Ubuntu:
  Fix Committed

Bug description:
  The guest account can everything under /media/. Is the guest account really supposed to be able to access and read all the files on the host computer? If yes, then is the guest account really really supposed to be able to write to /media/ ? Shouldn't the guest be limited to his temporary home in /tmp/ ?
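An added example, not part of the original message or of the lightdm package: a Python check for the per-user shielding the comment relies on, flagging vfat mounts under /media whose dmask (or umask) is not 0077, as a custom /etc/fstab rule might produce. The sample mount lines, the verdict strings and the choice to treat msdos like vfat are assumptions made for illustration.

```python
# Added example: audit /media mounts for masks that let other local users in.
# SAMPLE is constructed /proc/mounts-style input, not taken from a real system.
SAMPLE = r"""
/dev/sdb1 /media/alice/STICK vfat rw,nosuid,nodev,uid=1000,gid=1000,fmask=0022,dmask=0077 0 0
/dev/sdc1 /media/shared vfat rw,uid=0,gid=0,fmask=0000,dmask=0000 0 0
/dev/sdd1 /media/bob/backup ext4 rw,nosuid,nodev,relatime 0 0
/dev/sde1 /media/old\040disk vfat rw,umask=0022 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

# Assumption: these filesystems store no owners, so access comes from mount options.
MASKED_FS = {"vfat", "msdos"}


def parse_mounts(text):
    """Yield (mountpoint, fstype, options) from fstab or /proc/mounts style lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        # Both formats escape a space in the mount point as \040.
        yield fields[1].replace("\\040", " "), fields[2], opts


def audit_media_mounts(text, prefix="/media/"):
    """Return {mountpoint: verdict} for every mount below prefix."""
    verdicts = {}
    for mnt, fstype, opts in parse_mounts(text):
        if not mnt.startswith(prefix):
            continue
        if fstype not in MASKED_FS:
            # e.g. ext4: permissions and ACLs are stored on the device itself.
            verdicts[mnt] = "on-disk permissions apply"
            continue
        mask = opts.get("dmask") or opts.get("umask")
        try:
            bits = int(mask, 8)
        except (TypeError, ValueError):
            verdicts[mnt] = "no usable dmask/umask"
            continue
        # dmask=0077 strips every group/other bit from directories.
        owner_only = (bits & 0o077) == 0o077
        verdicts[mnt] = "owner-only" if owner_only else "open to other users"
    return verdicts


if __name__ == "__main__":
    for mnt, verdict in audit_media_mounts(SAMPLE).items():
        print(f"{mnt}: {verdict}")
```

To audit a live system, pass the contents of /proc/mounts or /etc/fstab to `audit_media_mounts` instead of `SAMPLE`.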

