search

bibliosansfrontieres / idbuntu

Ansible playbook for the laptops shipped with BSF's Ideasboxes. Migrated to https://gitlab.com/bibliosansfrontieres/ansible/idbuntu
https://gitlab.com/bibliosansfrontieres/ansible/idbuntu
0 stars 1 forks source link

Guest session not enabled in Ubuntu 18.04 #9

Open letompouce opened 5 years ago

letompouce commented 5 years ago

The guest session was intentionally disabled by default due to a security issue, where the guest session was not contained by the AppArmor profile that usually limits guest sessions.

The proper fix (from Ubuntu) would be to confine the guest session again. But that involves AppArmor'ing systemd, which is not trivial at all. My guess is it could take a long time before it happens :-)

If needed, the guest session can be enabled, still vulnerable to CVE-2017-8900 (basically, a guest user can browse other user's /home directory).

I think we can live with it, provided we sort of chmod o-rx /home/*.

letompouce commented 4 years ago

Ubuntu disabled guest sessions and closed #1663157

The underlying issue (guest sessions not confined) is reopened as #1742912 but seems stalled for now.

Fact is, we're still installing 16.04LTS and its EOL is to happen un 10 months now.

I think it's time to apply the workaround mentioned above.