Originally we deliberately allowed that so that guest users can use an USB stick to do things like like editing documents there or keeping their firefox config. See the profile:
/media/** rmwlixk, # we want access to USB sticks and the like However, this should certainly be limited to the guest user's own devices. We already shield users from each other by mounting VFAT devices with dmask=0077, and ext4 devices have their own ACLs anyway. That of course breaks down if you have custom /etc/fstab rules which allow anyone to write there. I think we can tighten this up with owner /media/** rmwlixk, This would break desired access to e. g. ext4 external hard disks, but that might be a smaller use case. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/882862 Title: Guest account can read/write in /media/ To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lightdm/+bug/882862/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
