[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2018-03-06 Thread Robert Ancell 
** Changed in: lightdm
 Assignee: Robert Ancell (robert-ancell) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2018-02-15 Thread Francis Ginther 
** Tags added: id-5a57962350afc7d4aa391919

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2018-01-12 Thread Balint Reczey 
@tyhicks I just opened LP #1742912 for tracking the confinement fix.

** Changed in: lightdm (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2018-01-11 Thread Tyler Hicks 
@rbalint can you please open a new bug to track re-enabling the guest
session with proper confinement rather than piggy back on this bug?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2018-01-11 Thread Balint Reczey 
Reopening, since the guest session is disabled by default but it is
still not confined.

** Changed in: lightdm (Ubuntu)
   Status: Fix Released => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-11-14 Thread Gunnar Hjalmarsson 
@Magezi: Please note that this is a bug report, not a support forum.
This Ask Ubuntu question may help:

https://askubuntu.com/q/915415

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-11-13 Thread Magezi Sagesse 
Hey guys I am a newbie to linux and I am coming from windows...I just
want to have that button on my login screen or somewhere on the
notification zone ...everything you have explained is hard for me to
understand can you please elaborate it in steps ..so that I enable
guest-session on my computer?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-06-22 Thread Mathew Hodson 
** No longer affects: apparmor (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-06-19 Thread Launchpad Bug Tracker 
This bug was fixed in the package lightdm - 1.22.0-0ubuntu4

---
lightdm (1.22.0-0ubuntu4) artful; urgency=medium

  * SECURITY UPDATE: Guest session not confined (LP: #1663157)
- debian/50-disable-guest.conf:
- debian/lightdm.install:
  - Disable guest sessions by default, this can be overridden by custom
configuration (e.g. /etc/lightdm/lightdm.conf)
- CVE-2017-8900

 -- Robert Ancell   Mon, 19 Jun 2017
16:32:24 +1200

** Changed in: lightdm (Ubuntu Artful)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-05-22 Thread Balint Reczey 
** Changed in: lightdm (Ubuntu Artful)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-05-16 Thread Steve Langasek 
Balint, could you follow through on this bug?  Martin has provided some
good general guidance already about what's required to re-enable secure
guest sessions in artful.

** Changed in: lightdm (Ubuntu Artful)
Milestone: None => ubuntu-17.05

** Changed in: lightdm (Ubuntu Artful)
 Assignee: Robert Ancell (robert-ancell) => Balint Reczey (rbalint)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-05-11 Thread Ubuntu Foundations Team Bug Bot 
** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-05-11 Thread Tyler Hicks 
** Changed in: lightdm (Ubuntu Artful)
 Assignee: (unassigned) => Robert Ancell (robert-ancell)

** Changed in: lightdm
 Assignee: (unassigned) => Robert Ancell (robert-ancell)

** Changed in: lightdm (Ubuntu Yakkety)
 Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: lightdm (Ubuntu Zesty)
 Assignee: (unassigned) => Tyler Hicks (tyhicks)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-05-11 Thread Tyler Hicks 
If you have a use case which requires the guest session, you can
manually re-enable it by writing the following contents to
/etc/lightdm/lightdm.conf:

# Manually enable guest sessions despite them not being confined
# IMPORTANT: Makes the system vulnerable to CVE-2017-8900
# https://bugs.launchpad.net/bugs/1663157
[Seat:*]
allow-guest=true

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-05-11 Thread Launchpad Bug Tracker 
** Branch linked: lp:lightdm/1.20

** Branch linked: lp:lightdm/1.22

** Branch linked: lp:lightdm

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1663157] Re: Guest session processes are not confined in 16.10 and newer releases

2017-05-11 Thread Tyler Hicks 
I'm making this bug public now that we have security updates published
which disable the guest session. My hope is that we can re-enable it
after the changes suggested by pitti can be investigated/implemented.

** No longer affects: apparmor (Ubuntu Artful)

** No longer affects: apparmor (Ubuntu Zesty)

** No longer affects: apparmor (Ubuntu Yakkety)

** Changed in: apparmor (Ubuntu)
   Status: New => Invalid

** Description changed:

  Processes launched under a lightdm guest session are not confined by the
- /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10
- and Ubuntu Zesty. The processes are actually unconfined.
+ /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10,
+ Ubuntu 17.04, and Ubuntu Artful (current dev release). The processes are
+ unconfined.
  
  The simple test case is to log into a guest session, launch a terminal
  with ctrl-alt-t, and run the following command:
  
-  $ cat /proc/self/attr/current
+  $ cat /proc/self/attr/current
  
  Expected output, as seen in Ubuntu 16.04 LTS, is:
  
-  /usr/lib/lightdm/lightdm-guest-session (enforce)
+  /usr/lib/lightdm/lightdm-guest-session (enforce)
  
  Running the command inside of an Ubuntu 16.10 and newer guest session
  results in:
  
-  unconfined
+  unconfined

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1663157

Title:
  Guest session processes are not confined in 16.10 and newer releases

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/1663157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs