*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
A live CD user can read-only access any file on the Ubuntu host HDD and
copy it to a USB key. Whether the host file belongs to an administrator
or regular user makes no difference. Is this normal? Is this not a
security violation?
ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: unity 3.8.2-0ubuntu1
ProcVersionSignature: Ubuntu 2.6.38-7.39-generic 2.6.38
Uname: Linux 2.6.38-7-generic i686
Architecture: i386
CompizPlugins:
[core,bailer,detection,composite,opengl,decor,mousepoll,vpswitch,regex,animation,snap,expo,move,compiztoolbox,place,grid,imgpng,gnomecompat,wall,ezoom,workarounds,staticswitcher,resize,fade,unitymtgrabhandles,scale,session,unityshell]
Date: Mon Apr 4 19:02:12 2011
DistroCodename: natty
DistroVariant: ubuntu
LiveMediaBuild: Ubuntu 11.04 "Natty Narwhal" - Beta i386 (20110402)
LiveMediaBuild_: Ubuntu 11.04 "Natty Narwhal" - Beta i386 (20110402)
LiveMediaBuild__: Ubuntu 11.04 "Natty Narwhal" - Beta i386 (20110402)
ProcEnviron:
LANGUAGE=en_US:en
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature_: Ubuntu 2.6.38-7.39-generic 2.6.38
ProcVersionSignature__: Ubuntu 2.6.38-7.39-generic 2.6.38
SourcePackage: unity
UpgradeStatus: No upgrade log present (probably fresh install)
version.libgl1-mesa-glx: libgl1-mesa-glx 7.10.1-0ubuntu3
version.xserver-xorg: xserver-xorg 1:7.6+4ubuntu1
** Affects: ubuntu
Importance: Undecided
Status: New
** Tags: apport-bug i386 natty ubuntu
--
Live CD user can access any HDD file
https://bugs.launchpad.net/bugs/750633
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
