[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** No longer affects: dconf (Ubuntu Bionic) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Fix Released Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in xorg-server package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Status in xorg-server source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
I tested the 2018-04-21 daily image, and the permissions on ~/.config and ~/.local are OK now. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Fix Released Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in xorg-server package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Status in xorg-server source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
This bug was fixed in the package xorg-server - 2:1.19.6-1ubuntu4 --- xorg-server (2:1.19.6-1ubuntu4) bionic; urgency=medium * debian/patches/fix-default-permissions.patch: fix default permissions when creating the log directory. (LP: #1735929) -- Marc DeslauriersFri, 13 Apr 2018 11:31:45 -0400 ** Changed in: xorg-server (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Fix Released Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in xorg-server package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Status in xorg-server source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Changed in: dconf Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Fix Released Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in xorg-server package in Ubuntu: Fix Committed Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Status in xorg-server source package in Bionic: Fix Committed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Hi Marc. I apologize for not mentioning a release type. It's Xubuntu 16.04 LTS. For now, I have no access to my other computer with Ubuntu 16.04 LTS so I can not verify this issue. Sorry. Is it a problem, that incorrect permission - in this case - are in Xubuntu and not in Ubuntu? Will it be fixed? Thanks and I apologize once again. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in xorg-server package in Ubuntu: Fix Committed Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Status in xorg-server source package in Bionic: Fix Committed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Hi daniel, I wasn't able to reproduce with 16.04. Did you install the regular Ubuntu desktop, or a specific flavour? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in xorg-server package in Ubuntu: Fix Committed Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Status in xorg-server source package in Bionic: Fix Committed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Hello. On 16.04 LTS (16.04.4) Release it looks this way: [~]$ ls -ld .config/ drwxr-xr-x 24 user1 user1 4096 apr 14 18:21 .config/ [~]$ ls -ld .local/ drwx-- 3 user1 user1 4096 apr 30 2017 .local/ Thanks. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to xorg-server in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in xorg-server package in Ubuntu: Fix Committed Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Status in xorg-server source package in Bionic: Fix Committed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Also affects: xorg-server (Ubuntu) Importance: Undecided Status: New ** Changed in: xorg-server (Ubuntu Bionic) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: xorg-server (Ubuntu Bionic) Importance: Undecided => High ** Changed in: xorg-server (Ubuntu Bionic) Status: New => In Progress ** Changed in: xorg-server (Ubuntu Bionic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in xorg-server package in Ubuntu: Fix Committed Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Status in xorg-server source package in Bionic: Fix Committed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Here's another: https://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/common/xf86Helper.c#n1136 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Is there anything left to land here? I just installed the 2018-04-13 desktop iso, and while ~/.config has correct permissions, ~/.local does not. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
This bug was fixed in the package gnome-session - 3.28.1-0ubuntu1 --- gnome-session (3.28.1-0ubuntu1) bionic; urgency=medium * New upstream release - Don't create ~/.config as world-readable. (LP: #1735929) * Drop xsmp-don-t-check-for-HAVE_XTRANS.patch: Applied in new release -- Jeremy BichaTue, 10 Apr 2018 10:09:40 -0400 ** Changed in: gnome-session (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Released Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Released Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Branch linked: lp:~ubuntu-desktop/gnome-session/ubuntu -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Committed Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Committed Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Changed in: gnome-session (Ubuntu Bionic) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Fix Committed Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Fix Committed Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Changed in: gnome-session Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Fix Released Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: In Progress Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: In Progress Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Change attached to the upstream bug ** Changed in: gnome-session (Ubuntu Bionic) Status: Triaged => In Progress -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: In Progress Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: In Progress Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
The weird version is no-go, bionic-proposed is not supposed to be used, it's a pocket designed for packages testing and validation, if you opt in for that you should know what you are doing. It's easy enough to go back, just install dconf-server/bionic libdconf1/bionic etc for all the dconf binaries you need -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
This bug was fixed in the package d-conf - 0.26.0-2ubuntu3 --- d-conf (0.26.0-2ubuntu3) bionic; urgency=medium * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch: - create the config dir with permissions 700 so it's not world readable (lp: #1735929) -- Sebastien BacherThu, 29 Mar 2018 11:01:28 +0200 ** Changed in: d-conf (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Next proposal: rename to 0.26.1-3ubuntu3+isreally+0.26.0-2ubuntu3 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Also, this is why I try suggesting really strongly to you guys not to run -proposed during the development cycle because these kind of removals happen. (Maybe you just need to make sure you downgrade all the dconf binary packages at the same time.) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
dino99, we can't easily just set the version higher since the autopkgtest issue is triggered by 0.26.1 and higher versions. http://autopkgtest.ubuntu.com/packages/n/notify-osd/bionic/armhf -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Yeah but that tweak is quite dirty: try to downgrade from 0.26.1-3ubuntu2 to 0.26.0-2ubuntu3, and you are proposed to remove half of the packages list. Maybe set the proposed version higher than the previous proposed one to bypass that issue. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
No, that was "dconf" (rename) and that never migrated to bionic due to armhf autopkgtest issues, I deleted that version to land that fix, the update can be uploaded again if someone figures out the test issues -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Changed in: d-conf (Ubuntu Bionic) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
d-conf (0.26.0-2ubuntu3) bionic; urgency=medium * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch: - create the config dir with permissions 700 so it's not world readable (lp: #1735929) -- Sebastien BacherThu, 29 Mar 2018 11:01:28 +0200 uh !! bionic-proposed is already at 0.26.1-3ubuntu2 so 0.26.0-2ubuntu3 is supposed to be uploaded to Artful archive , not bionic. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Also affects: gnome-session (Ubuntu Bionic) Importance: High Assignee: Sebastien Bacher (seb128) Status: Triaged ** Also affects: dconf (Ubuntu Bionic) Importance: High Status: Triaged ** Also affects: d-conf (Ubuntu Bionic) Importance: High Assignee: Sebastien Bacher (seb128) Status: Triaged ** Also affects: session-migration (Ubuntu Bionic) Importance: High Assignee: Didier Roche (didrocks) Status: Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Triaged Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Tags removed: rls-bb-incoming ** Changed in: gnome-session (Ubuntu) Assignee: (unassigned) => Sebastien Bacher (seb128) ** Changed in: d-conf (Ubuntu) Assignee: (unassigned) => Sebastien Bacher (seb128) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Tags added: rls-bb-incoming -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Any further progress on these issues? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Related bug in ubuntu-mate-welcome: bug 1745929 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
This bug was fixed in the package session-migration - 0.3.3 --- session-migration (0.3.3) bionic; urgency=medium * src/session-migration.c: fix default permission when creating unexisting parent directories to be 700. (LP: #1735929) -- Didier RocheTue, 23 Jan 2018 10:31:30 +0100 ** Changed in: session-migration (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Branch linked: lp:session-migration -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Also affects: dconf (Ubuntu) Importance: Undecided Status: New ** Changed in: dconf (Ubuntu) Status: New => Triaged ** Changed in: dconf (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Changed in: gnome-session Status: Unknown => Confirmed ** Changed in: gnome-session Importance: Unknown => Medium -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Changed in: dconf Status: Unknown => Confirmed ** Changed in: dconf Importance: Unknown => Medium -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Unknown Status in d-conf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Changed in: d-conf (Ubuntu) Importance: Undecided => High ** Changed in: d-conf (Ubuntu) Status: New => Triaged ** Bug watch added: GNOME Bug Tracker #792677 https://bugzilla.gnome.org/show_bug.cgi?id=792677 ** Also affects: dconf via https://bugzilla.gnome.org/show_bug.cgi?id=792677 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Unknown Status in gnome-session: Unknown Status in d-conf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Bug watch added: GNOME Bug Tracker #792675 https://bugzilla.gnome.org/show_bug.cgi?id=792675 ** Also affects: gnome-session via https://bugzilla.gnome.org/show_bug.cgi?id=792675 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in gnome-session: Unknown Status in d-conf package in Ubuntu: New Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-session/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Sure, will have a look on the directory creation permission -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in d-conf package in Ubuntu: New Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Didier, could you have a look to the session-migration part of the issue? ** Changed in: session-migration (Ubuntu) Assignee: (unassigned) => Didier Roche (didrocks) ** Changed in: gnome-session (Ubuntu) Importance: Undecided => High ** Changed in: gnome-session (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-session in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in d-conf package in Ubuntu: New Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
and another: https://git.gnome.org/browse/gnome-session/tree/gnome-session/gsm-util.c?h=gnome-3-26#n99 ** Also affects: gnome-session (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to session-migration in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in d-conf package in Ubuntu: New Status in gnome-session package in Ubuntu: New Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Here's another: https://git.gnome.org/browse/dconf/tree/service/dconf-gvdb-utils.c#n177 https://git.gnome.org/browse/dconf/tree/service/dconf-keyfile-writer.c#n210 ** Also affects: d-conf (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to session-migration in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in d-conf package in Ubuntu: New Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/d-conf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Here is one: http://bazaar.launchpad.net/~ubuntu-desktop/session-migration/trunk/view/head:/src/session-migration.c#L270 ** Package changed: ubuntu => session-migration (Ubuntu) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to session-migration in Ubuntu. https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in session-migration package in Ubuntu: Confirmed Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/session-migration/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp