[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Jeremy Bicha]

** No longer affects: dconf (Ubuntu Bionic)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Fix Released
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in xorg-server package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released
Status in xorg-server source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

I tested the 2018-04-21 daily image, and the permissions on ~/.config
and ~/.local are OK now.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Fix Released
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in xorg-server package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released
Status in xorg-server source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Launchpad Bug Tracker]

This bug was fixed in the package xorg-server - 2:1.19.6-1ubuntu4

---
xorg-server (2:1.19.6-1ubuntu4) bionic; urgency=medium

  * debian/patches/fix-default-permissions.patch: fix default permissions
when creating the log directory. (LP: #1735929)

 -- Marc Deslauriers   Fri, 13 Apr 2018
11:31:45 -0400

** Changed in: xorg-server (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Fix Released
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in xorg-server package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released
Status in xorg-server source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Bug Watch Updater]

** Changed in: dconf
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Fix Released
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in xorg-server package in Ubuntu:
  Fix Committed
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released
Status in xorg-server source package in Bionic:
  Fix Committed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[daniel CURTIS]

Hi Marc.

I apologize for not mentioning a release type. It's Xubuntu 16.04 LTS.
For now, I have no access to my other computer with Ubuntu 16.04 LTS so
I can not verify this issue. Sorry.

Is it a problem, that incorrect permission - in this case - are in
Xubuntu and not in Ubuntu? Will it be fixed?

Thanks and I apologize once again.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in xorg-server package in Ubuntu:
  Fix Committed
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released
Status in xorg-server source package in Bionic:
  Fix Committed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

Hi daniel,

I wasn't able to reproduce with 16.04. Did you install the regular
Ubuntu desktop, or a specific flavour?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in xorg-server package in Ubuntu:
  Fix Committed
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released
Status in xorg-server source package in Bionic:
  Fix Committed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[daniel CURTIS]

Hello.

On 16.04 LTS (16.04.4) Release it looks this way:

[~]$ ls -ld .config/
drwxr-xr-x 24 user1 user1 4096 apr 14 18:21 .config/

[~]$ ls -ld .local/
drwx-- 3 user1 user1 4096 apr 30  2017 .local/

Thanks.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in xorg-server package in Ubuntu:
  Fix Committed
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released
Status in xorg-server source package in Bionic:
  Fix Committed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

** Also affects: xorg-server (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: xorg-server (Ubuntu Bionic)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: xorg-server (Ubuntu Bionic)
   Importance: Undecided => High

** Changed in: xorg-server (Ubuntu Bionic)
   Status: New => In Progress

** Changed in: xorg-server (Ubuntu Bionic)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in xorg-server package in Ubuntu:
  Fix Committed
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released
Status in xorg-server source package in Bionic:
  Fix Committed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

Here's another:

https://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/common/xf86Helper.c#n1136

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

Is there anything left to land here? I just installed the 2018-04-13
desktop iso, and while ~/.config has correct permissions, ~/.local does
not.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Launchpad Bug Tracker]

This bug was fixed in the package gnome-session - 3.28.1-0ubuntu1

---
gnome-session (3.28.1-0ubuntu1) bionic; urgency=medium

  * New upstream release
- Don't create ~/.config as world-readable. (LP: #1735929)
  * Drop xsmp-don-t-check-for-HAVE_XTRANS.patch: Applied in new release

 -- Jeremy Bicha   Tue, 10 Apr 2018 10:09:40 -0400

** Changed in: gnome-session (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Released
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Released
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Launchpad Bug Tracker]

** Branch linked: lp:~ubuntu-desktop/gnome-session/ubuntu

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Committed
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Committed
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Jeremy Bicha]

** Changed in: gnome-session (Ubuntu Bionic)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Fix Committed
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Fix Committed
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Bug Watch Updater]

** Changed in: gnome-session
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Fix Released
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  In Progress
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  In Progress
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

Change attached to the upstream bug

** Changed in: gnome-session (Ubuntu Bionic)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  In Progress
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  In Progress
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

The weird version is no-go, bionic-proposed is not supposed to be used,
it's a pocket designed for packages testing and validation, if you opt
in for that you should know what you are doing. It's easy enough to go
back, just install dconf-server/bionic libdconf1/bionic etc for all the
dconf binaries you need

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Launchpad Bug Tracker]

This bug was fixed in the package d-conf - 0.26.0-2ubuntu3

---
d-conf (0.26.0-2ubuntu3) bionic; urgency=medium

  * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch:
- create the config dir with permissions 700 so it's not world readable
  (lp: #1735929)

 -- Sebastien Bacher   Thu, 29 Mar 2018 11:01:28
+0200

** Changed in: d-conf (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[dino99]

Next proposal:

rename to  0.26.1-3ubuntu3+isreally+0.26.0-2ubuntu3

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Jeremy Bicha]

Also, this is why I try suggesting really strongly to you guys not to
run -proposed during the development cycle because these kind of
removals happen.

(Maybe you just need to make sure you downgrade all the dconf binary
packages at the same time.)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Jeremy Bicha]

dino99, we can't easily just set the version higher since the
autopkgtest issue is triggered by 0.26.1 and higher versions.

http://autopkgtest.ubuntu.com/packages/n/notify-osd/bionic/armhf

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[dino99]

Yeah but that tweak is quite dirty: try to downgrade from
0.26.1-3ubuntu2 to 0.26.0-2ubuntu3, and you are proposed to remove half
of the packages list.

Maybe set the proposed version higher than the previous proposed one to
bypass that issue.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

No, that was "dconf" (rename) and that never migrated to bionic due to
armhf autopkgtest issues, I deleted that version to land that fix, the
update can be uploaded again if someone figures out the test issues

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

** Changed in: d-conf (Ubuntu Bionic)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[dino99]

d-conf (0.26.0-2ubuntu3) bionic; urgency=medium

  * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch:
- create the config dir with permissions 700 so it's not world readable
  (lp: #1735929)

 -- Sebastien Bacher   Thu, 29 Mar 2018 11:01:28
+0200


uh !! bionic-proposed is already at 0.26.1-3ubuntu2

so 0.26.0-2ubuntu3 is supposed to be uploaded to Artful archive , not
bionic.

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Iain Lane]

** Also affects: gnome-session (Ubuntu Bionic)
   Importance: High
 Assignee: Sebastien Bacher (seb128)
   Status: Triaged

** Also affects: dconf (Ubuntu Bionic)
   Importance: High
   Status: Triaged

** Also affects: d-conf (Ubuntu Bionic)
   Importance: High
 Assignee: Sebastien Bacher (seb128)
   Status: Triaged

** Also affects: session-migration (Ubuntu Bionic)
   Importance: High
 Assignee: Didier Roche (didrocks)
   Status: Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Triaged
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

** Tags removed: rls-bb-incoming

** Changed in: gnome-session (Ubuntu)
 Assignee: (unassigned) => Sebastien Bacher (seb128)

** Changed in: d-conf (Ubuntu)
 Assignee: (unassigned) => Sebastien Bacher (seb128)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Will Cooke]

** Tags added: rls-bb-incoming

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

Any further progress on these issues?

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

Related bug in ubuntu-mate-welcome: bug 1745929

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Launchpad Bug Tracker]

This bug was fixed in the package session-migration - 0.3.3

---
session-migration (0.3.3) bionic; urgency=medium

  * src/session-migration.c:
fix default permission when creating unexisting parent directories
to be 700. (LP: #1735929)

 -- Didier Roche   Tue, 23 Jan 2018 10:31:30 +0100

** Changed in: session-migration (Ubuntu)
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Launchpad Bug Tracker]

** Branch linked: lp:session-migration

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Jeremy Bicha]

** Also affects: dconf (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: dconf (Ubuntu)
   Status: New => Triaged

** Changed in: dconf (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Bug Watch Updater]

** Changed in: gnome-session
   Status: Unknown => Confirmed

** Changed in: gnome-session
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Bug Watch Updater]

** Changed in: dconf
   Status: Unknown => Confirmed

** Changed in: dconf
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Unknown
Status in d-conf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

** Changed in: d-conf (Ubuntu)
   Importance: Undecided => High

** Changed in: d-conf (Ubuntu)
   Status: New => Triaged

** Bug watch added: GNOME Bug Tracker #792677
   https://bugzilla.gnome.org/show_bug.cgi?id=792677

** Also affects: dconf via
   https://bugzilla.gnome.org/show_bug.cgi?id=792677
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Unknown
Status in gnome-session:
  Unknown
Status in d-conf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

** Bug watch added: GNOME Bug Tracker #792675
   https://bugzilla.gnome.org/show_bug.cgi?id=792675

** Also affects: gnome-session via
   https://bugzilla.gnome.org/show_bug.cgi?id=792675
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in gnome-session:
  Unknown
Status in d-conf package in Ubuntu:
  New
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/gnome-session/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Didier Roche]

Sure, will have a look on the directory creation permission

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in d-conf package in Ubuntu:
  New
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

Didier, could you have a look to the session-migration part of the
issue?

** Changed in: session-migration (Ubuntu)
 Assignee: (unassigned) => Didier Roche (didrocks)

** Changed in: gnome-session (Ubuntu)
   Importance: Undecided => High

** Changed in: gnome-session (Ubuntu)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-session in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in d-conf package in Ubuntu:
  New
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

and another:
https://git.gnome.org/browse/gnome-session/tree/gnome-session/gsm-util.c?h=gnome-3-26#n99


** Also affects: gnome-session (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to session-migration in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in d-conf package in Ubuntu:
  New
Status in gnome-session package in Ubuntu:
  New
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

Here's another:
https://git.gnome.org/browse/dconf/tree/service/dconf-gvdb-utils.c#n177
https://git.gnome.org/browse/dconf/tree/service/dconf-keyfile-writer.c#n210

** Also affects: d-conf (Ubuntu)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to session-migration in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in d-conf package in Ubuntu:
  New
Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Marc Deslauriers]

Here is one:
http://bazaar.launchpad.net/~ubuntu-desktop/session-migration/trunk/view/head:/src/session-migration.c#L270


** Package changed: ubuntu => session-migration (Ubuntu)

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to session-migration in Ubuntu.
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in session-migration package in Ubuntu:
  Confirmed

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/session-migration/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp