This bug was fixed in the package lightdm - 1.1.7-0ubuntu2
---------------
lightdm (1.1.7-0ubuntu2) precise; urgency=low

  * debian/guest-account: Fix arbitrary file deletion in removal of guest
    files in /tmp. Use find/xargs with 0 separators instead of spaces.
    (LP: #953044, CVE-2012-0943)
 -- Martin Pitt <[email protected]> Tue, 13 Mar 2012 14:53:10 +0100

** Changed in: lightdm (Ubuntu Precise)
       Status: Triaged => Fix Released
https://bugs.launchpad.net/bugs/953044
Title:
Guest session clean up can remove other user's files
Status in Light Display Manager:
Invalid
Status in “gdm-guest-session” package in Ubuntu:
Invalid
Status in “lightdm” package in Ubuntu:
Fix Released
Status in “gdm-guest-session” source package in Lucid:
Fix Released
Status in “gdm-guest-session” source package in Maverick:
Fix Released
Status in “gdm-guest-session” source package in Natty:
Fix Released
Status in “gdm-guest-session” source package in Oneiric:
Won't Fix
Status in “lightdm” source package in Oneiric:
Fix Released
Status in “lightdm” source package in Precise:
Fix Released
Bug description:
/usr/sbin/guest-account has this cleanup:

    # remove leftovers in /tmp
    find /tmp -mindepth 1 -maxdepth 1 -uid "$UID" | xargs rm -rf || true

This runs with the cwd of the last logged in user. If the user creates
a file "/tmp/x a", the file "a" gets removed from the last user's
login.
Thanks to Ryan Lortie for discovering this!
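
The word-splitting flaw from the bug description and the NUL-separated fix named in the changelog, side by side in a throwaway sandbox. This is an added example, not the code of /usr/sbin/guest-account; the function names, the sandbox layout and the use of "id -u" in place of "$UID" are assumptions, and it assumes mktemp returns a path without spaces.

```shell
#!/bin/sh
# Constructed sandbox: "$box/tmp" stands in for /tmp and "$box/home" for the
# cwd of the last logged-in user. Nothing outside "$box" is touched.

# Pattern from the bug description: xargs splits its input on whitespace,
# so the name ".../x a" becomes the two arguments ".../x" and "a".
cleanup_unsafe() {
    find "$1" -mindepth 1 -maxdepth 1 -uid "$(id -u)" | xargs rm -rf || true
}

# Fix as described in the changelog: NUL-separated names on both sides of
# the pipe, so each file name reaches rm as exactly one argument.
cleanup_safe() {
    find "$1" -mindepth 1 -maxdepth 1 -uid "$(id -u)" -print0 \
        | xargs -0 rm -rf || true
}

# run_case <cleanup function>
# Prints "<state of the other user's file> <state of the guest leftover>".
run_case() {
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp" "$box/home"
    : > "$box/home/a"      # file belonging to the last user (constructed)
    : > "$box/tmp/x a"     # guest leftover with a space in its name
    # The cleanup runs with the last user's directory as cwd, as in the bug.
    ( cd "$box/home" && "$1" "$box/tmp" )
    victim=deleted;   [ -e "$box/home/a" ]  && victim=kept
    leftover=removed; [ -e "$box/tmp/x a" ] && leftover=present
    rm -rf "$box"
    echo "$victim $leftover"
}

echo "unsafe: $(run_case cleanup_unsafe)"
echo "safe:   $(run_case cleanup_safe)"
```

The unsafe variant fails twice: it deletes the relative path "a" in the current directory and also leaves the real leftover "x a" in place.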