Shipping /etc/skel/.config makes dir world-readable for all users
Bug #1745929 reported by
Alkis Georgopoulos
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ubuntu-mate-welcome (Ubuntu) |
Fix Released
|
Undecided
|
Martin Wimpress |
Bug Description
ubuntu-mate-welcome ships /etc/skel/
I reported in LP: #1672292 that it would be better to use /etc/xdg/autostart/ instead, but I just realized that this is also a security issue:
New users get world-readable .config directories because /etc/skel/.config is used as a template.
You can easily verify this even in the live CD, where /home/ubuntu-
The .config directory should be hidden by default, as applications may put sensitive data like passwords inside it.
A quick workaround for existing systems could be:
# rm -rf /etc/skel/.config
# chmod 700 /home/*/.config
Changed in ubuntu-mate-welcome (Ubuntu): | |
status: | New → Confirmed |
Changed in ubuntu-mate-welcome (Ubuntu): | |
status: | Confirmed → Fix Committed |
Changed in ubuntu-mate-welcome (Ubuntu): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Thanks for reporting this issue. Can I make this bug public?