Open letompouce opened 5 years ago
Ubuntu disabled guest sessions and closed #1663157
The underlying issue (guest sessions not confined) is reopened as #1742912 but seems stalled for now.
Fact is, we're still installing 16.04LTS and its EOL is to happen un 10 months now.
I think it's time to apply the workaround mentioned above.
The guest session was intentionally disabled by default due to a security issue, where the guest session was not contained by the AppArmor profile that usually limits guest sessions.
The proper fix (from Ubuntu) would be to confine the guest session again. But that involves AppArmor'ing systemd, which is not trivial at all. My guess is it could take a long time before it happens :-)
If needed, the guest session can be enabled, still vulnerable to CVE-2017-8900 (basically, a guest user can browse other user's
/home
directory).I think we can live with it, provided we sort of
chmod o-rx /home/*
.