guest session is not confined by apparmor

Bug #975901 reported by Albert Damen
This bug affects 1 person
Affects            Status         Importance   Assigned to   Milestone
lightdm (Ubuntu)   Fix Released   High         Martin Pitt
Precise            Fix Released   High         Martin Pitt

Bug Description

When running a guest session, I noticed I could access the home directories of other users on the system.
aa-status showed the guest session process was not confined by apparmor.
25 profiles are in enforce mode
   /usr/lib/lightdm/lightdm-guest-session-wrapper

/etc/apparmor.d/lightdm-guest-session has "/usr/lib/lightdm/lightdm-guest-session-wrapper {"
However, the actual guest session wrapper script is shipped in /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper.

After I changed /etc/apparmor.d/lightdm-guest-session to point to the correct location of the wrapper, the guest session was correctly confined, as shown with aa-status, and access to other home directories was properly denied.

81 processes are in enforce mode.
   /usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper (5217)

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: lightdm 1.2.0-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-22.35-generic 3.2.14
Uname: Linux 3.2.0-22-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0-0ubuntu4
Architecture: amd64
Date: Sat Apr 7 13:45:14 2012
EcryptfsInUse: Yes
ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: lightdm
UpgradeStatus: Upgraded to precise on 2012-02-18 (49 days ago)
mtime.conffile..etc.apparmor.d.lightdm.guest.session: 2012-04-07T12:42:00

Albert Damen (albrt) wrote :
visibility: private → public
Changed in lightdm (Ubuntu):
importance: Undecided → High
Martin Pitt (pitti) wrote :

/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper sounds like a recent packaging error. When I wrote the policy the path definitively was /usr/lib/lightdm/lightdm-guest-session-wrapper. Robert, is that new path intended? It looks a bit exaggerated.

Changed in lightdm (Ubuntu Precise):
milestone: none → ubuntu-12.04
tags: added: regression-release
Martin Pitt (pitti)
Changed in lightdm (Ubuntu Precise):
assignee: nobody → Martin Pitt (pitti)
status: New → In Progress
Martin Pitt (pitti) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package lightdm - 1.2.0-0ubuntu2

---------------
lightdm (1.2.0-0ubuntu2) precise; urgency=low

  * Fix wrapper path in AppArmor profile. This got broken in 1.1.1. Patch also
    committed upstream, and cherry-picked (r1487) (LP: #975901)
 -- Martin Pitt <email address hidden> Tue, 10 Apr 2012 11:06:03 +0200

Changed in lightdm (Ubuntu Precise):
status: In Progress → Fix Released
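
A check for the failure mode in this report, as an added example that is not part of the original thread or of lightdm or AppArmor tooling: it lists profile headers whose attachment path does not exist on disk, which is how a moved binary silently loses confinement. The function name, the optional ROOT argument and the fixture are assumptions for illustration; globbed attachments are skipped and the older header syntax without `flags=` is not parsed.

```shell
#!/bin/sh
# stale_profile_paths PROFILE_DIR [ROOT]
# Prints "file: path" for every profile header whose absolute attachment
# path does not exist under ROOT (default: the live filesystem).
stale_profile_paths() {
    profile_dir=$1
    root=${2:-}
    for f in "$profile_dir"/*; do
        [ -f "$f" ] || continue    # skips abstractions/, tunables/ and other dirs
        # A header is: [profile] [name] /abs/path [flags=(...)] {
        # Rules inside a profile end in "," so the trailing "{" excludes them.
        sed -n -E 's|^[[:space:]]*(profile[[:space:]]+)?([^[:space:]/"#][^[:space:]]*[[:space:]]+)?"?(/[^[:space:]"{]*)"?[[:space:]]*(flags=\([^)]*\)[[:space:]]*)?\{[[:space:]]*$|\3|p' "$f" |
        while IFS= read -r path; do
            case $path in
                *\**|*\?*|*\[*) continue ;;  # globbed attachment: nothing to stat
            esac
            [ -e "$root$path" ] || printf '%s: %s\n' "$f" "$path"
        done
    done
}

# Constructed fixture reproducing the mismatch from this report: the wrapper
# lives in .../lightdm/lightdm/ while the profile header names .../lightdm/.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/apparmor.d" "$t/root/usr/lib/lightdm/lightdm"
    : > "$t/root/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper"
    # The rule line is a constructed placeholder, not the real profile body.
    printf '%s\n' '/usr/lib/lightdm/lightdm-guest-session-wrapper {' \
        '  /usr/bin/** rix,' '}' > "$t/apparmor.d/lightdm-guest-session"
    stale_profile_paths "$t/apparmor.d" "$t/root"
    rm -rf "$t"
}
demo
```

On a live system the equivalent call is `stale_profile_paths /etc/apparmor.d`; an empty result means every non-globbed attachment path resolves to a file that exists.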
This report contains Public Security information  
Everyone can see this security related information.
