[Solved]18.2 Sonya guest account accesses documents and pictures

[catch22]

After upgrading to Mint 18.2 I was curious to try the guest account that's available automatically.
A nice feature - but to my surprise, in that account it was possible to go to some files in /home/pc_owner/pictures and also in /home/pc_owner/downloads.

Isn't the home of the pc-owner supposed to be protected from access 100 %?

It's no major issue for me - just curious to learn more

[JerryF]

Check the permissions on your folders and files.

[Cosmo.]

Isn't the home of the pc-owner supposed to be protected from access 100 %?

Yes, this should not be possible. Also I cannot reproduce it.

Please describe the exact steps, which brought you to the main account.

[catch22]

Please describe the exact steps, which brought you to the main account.

Simply in Nemo I went to /home/myaccount/ and started trying if it was full proof.
The Dropbox and most other folders were secure - permission denied - but Documents let me have access to a LibreOffice odt file.
In terminal I started mocp and could play audio files that are in the Downloads folder.
In Pictures I could see all pics there. Not much to describe - it was plain open.

[MintBean]

Check the permissions on your folders and files.

[Cosmo.]

In the starting post you wrote, that this is an upgraded system. How did you upgrade exactly? I ask, because the official upgrade path is only open since a few hours.

How did you install LightDM (in case of an official upgrade).

And again: You wrote, that you went in Nemo to /home/myaccount. If I do this I get a popup, that because of missing permissions Home cannot be displayed, if I try to enter the path /home/user-name/Downloads or /home/user-name/Pictures I get the same. (Tests done with a fresh install of LM 18.2.)

So in case you have found a bug, we need a way to reproduce it.

[catch22]

In the starting post you wrote, that this is an upgraded system. How did you upgrade exactly? I ask, because the official upgrade path is only open since a few hours.

How did you install LightDM (in case of an official upgrade).

And again: You wrote, that you went in Nemo to /home/myaccount. If I do this I get a popup, that because of missing permissions Home cannot be displayed, if I try to enter the path /home/user-name/Downloads or /home/user-name/Pictures I get the same. (Tests done with a fresh install of LM 18.2.)

So in case you have found a bug, we need a way to reproduce it.

The upgrade was from Mint18.1 via the Update Manager.
The lightdm I installed via instructions on the blog, like so:

Code: Select all

apt install slick-greeter lightdm-settings

Code: Select all

apt remove mdm

Unfortunately I will have to leave you in suspense, because I have to go to bed now and won't be able to test more till Wednesday evening earliest (working day ahead plus evening class)

[Cosmo.]

I have in the meantime upgraded a 18.1 system to 18.2 and installed LightDM. I confirm this problem and have opened an issue about this. This problem does only exist in upgraded systems, not in fresh installs of 18.2, so it was never possible to test this during the beta phase.

[laederlappen]

Check the permissions on your folders and files.

Check the permissions on your folders and files.

Guest-Session has AppArmor profile.

[Cosmo.]

Users of an upgraded 18.2 should at now not switch to LightDM or at least disable the guest account at once. This is a serious security hole in case of a local attacker. (Fresh installs of 18.2 are not affected.)

[MintBean]

Guest-Session has AppArmor profile.

Thanks for the info.

[catch22]

Users of an upgraded 18.2 should at now not switch to LightDM or at least disable the guest account at once. This is a serious security hole in case of a local attacker. (Fresh installs of 18.2 are not affected.)

How do I disable this guest account?
When i go to Administration / Users and Groups it's not there!
I see my own account plus a guest account that I made myself previous to the upgrade.

[Pjotr]

Users of an upgraded 18.2 should at now not switch to LightDM or at least disable the guest account at once. This is a serious security hole in case of a local attacker. (Fresh installs of 18.2 are not affected.)

How do I disable this guest account?
When i go to Administration / Users and Groups it's not there!
I see my own account plus a guest account that I made myself previous to the upgrade.

Menu - Administration - Login Window

Set the switch to OFF for: Allow guest sessions

Reboot.

[catch22]

Menu - Administration - Login Window

Set the switch to OFF for: Allow guest sessions

Reboot.

Thanks

[Pjotr]

Users of an upgraded 18.2 should at now not switch to LightDM or at least disable the guest account at once. This is a serious security hole in case of a local attacker. (Fresh installs of 18.2 are not affected.)

Maybe this could be a workaround, until there's a fix? In all of the other accounts:

Code: Select all

chmod -v 700 $HOME

[laederlappen]

Users of an upgraded 18.2 should at now not switch to LightDM or at least disable the guest account at once. This is a serious security hole in case of a local attacker. (Fresh installs of 18.2 are not affected.)

Maybe this could be a workaround, until there's a fix? In all of the other accounts:

Code: Select all

chmod -v 700 $HOME

Works.
Seems like 18.2 upgrade doesn't install AppArmor profile which 18.2 iso has.

[EDIT]

After testing 18.2 upgrade and 18.2 iso in a VM, I can confirm that both versions have lightdm-guest-session AppAmor profile.
However in 18.2 upgrade, I couldn't run command aa-status because package apparmor was not installed.
Then I installed apparmor in 18.2 upgrade and after rebooting the system, the profile lightdm-guest-session gets loaded and guest-session works as intended.

[Cosmo.]

Users of an upgraded 18.2 should at now not switch to LightDM or at least disable the guest account at once. This is a serious security hole in case of a local attacker. (Fresh installs of 18.2 are not affected.)

Maybe this could be a workaround, until there's a fix? In all of the other accounts:

Code: Select all

chmod -v 700 $HOME

Correct, but in this case we don't need a guest account.

It is not the task of the users to fix a security hole, this is the task of the dev team (which did not respond in 24 hours).

@laederlappen:
Might be something in this direction. But the file /etc/apparmor.d/lightddm.guest.session does exist in both systems (the upgraded and the fresh installed) and they are identical. There are indeed some differences in /etc/apparmor and /etc/apparmor.d (which possibly should not exist), but surely not all of them are related to this bug and this makes investigating difficult. (E. G. One difference concerns Firefox, what has surely nothing to do with the guest account; but possibly another leak. I am not sure about this, but I am astonished about the difference.)

So for now I warn against switching to lightdm in an upgraded system!

[laederlappen]

@cosmo
I edited my previous post when you wrote your answer.

[Cosmo.]

I confirm. apparmor is missing. This is either a bug in the upgrade mechanism or in the advice to switch to lightdm. I assume the first case.
There might be some reasons, why Clem left apparmor out in the upgrade process (like he did for lightdm), but in this case there would be the clear mistake in the instructions regarding lightdm, that also apparmor needs to get installed.

I confirm also, that after installing apparmor the guest session behaves as expected.

[Pjotr]

It's not a bug in the upgrade mechanism, because that doesn't install LightDM in the first place.... It's apparently an omission in the how-to in the blog, for installing LightDM *after* the upgrade.

This is the current instruction:

Code: Select all

apt install slick-greeter lightdm-settings

Apparently it should be:

Code: Select all

apt install slick-greeter lightdm-settings apparmor

So I think a simple correction of the blog post announcing the availability of the upgrade path, should suffice.