gdm allows shutdown when other accounts open
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gdm (Ubuntu) |
Expired
|
Low
|
Unassigned |
Bug Description
Binary package hint: gdm
00] Environment - two users logged in. There is a dedicated root-user account, with a dedicated password, and the other users have NO sudoer privileges.
01] User#1 request to shut down the machine using gnome panel applet
02] response is a black screen with authorization window requiring password (picture of keys on left side) and warning that another user is logged in.
[[ BTW ### Nothing in the message states which of the three passwords are being requested! ]]
03] Each of the three passwords are tried at least once
[[ BTW ### None of the passwords are REPORTED to have been accepted ]]
04] After a final shudder and claim that the password could NOT be authenticated, the authentication window disappears, and the GDM greeter screen appears.
[[ HUH?! Did it just 'give up', or did it mis-report a proper password authentification as improper? If so, which password? ]]
05] The GDM greeter allows the computer to be shut down using the button on the right side of the lower panel.
[[ But this happedned without authentification !! ]]
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: gdm 2.30.2.
ProcVersionSign
Uname: Linux 2.6.32-24-generic i686
Architecture: i386
Date: Mon Aug 16 01:07:03 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
ProcEnviron:
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: gdm
Unmarking this as a security bug since someone with physical access can turn off the machine via other methods. From https:/ /wiki.ubuntu. com/SecurityTea m/Policies# Reasonable% 20Physical% 20Access: "While every attempt is made to securely isolate physically local users of a shared computer from one another, the stock Ubuntu installation is not intended to block an attacker with physical access."