Skip to main content

Ubuntu Login Screen Security Flaw Could Allow Anyone To Access Your Files

ubuntu 16.10 login screen bug lightdm
A flaw of medium priority has been found in Ubuntu Linux operating system. Due to a bug in LightDM display manager, the guest sessions aren’t properly confined. This problem stepped in when user session handling moved from upstart to systemd in Ubuntu 16.10. Canonical has released a patch for this vulnerability and you need to install security updates to get the fix.

After the widespread havoc caused in the closed world of Windows by the WannaCry ransomware, it’s time for the Linux users to update their systems and patch a medium priority flaw that has the potential to do a considerable amount of damage. The issue being talked about here deals with LightDM, the display manager that powers the Unity Greeter login screen.
Reported by OMGUbuntu, the affected versions are Ubuntu 16.10 and Ubuntu 17.10. Due to this flaw in LightDM, it doesn’t correctly configure and confine the guest user session which is enabled by default on Ubuntu Linux. By exploiting the same, a notorious hacker with physical access can grab the files and gain access to the other users on the system. Please note that the files in a user’s home directories can also be accessed.
To test if they are affected, the users can simply log into a guest session, launch a terminal with ctrl-alt-t and run this command:
It should give the following output:
/usr/lib/lightdm/lightdm-guest-session (enforce)
But, in reality, running the command in guest session in Ubuntu 16.10 and 17.04 results in:
Please note that this issue was introduced when the user session handling moved from upstart to systemd in Ubuntu 16.10. That’s why Ubuntu versions older than 16.10 aren’t affected.

How to fix Ubuntu login screen flaw

Just in case you’re running an updated Ubuntu system with all security updates installed, you don’t need to worry. If you haven’t done so, you need to update your system.
For that, simply open the Update Manager, check for updates and install all listed security patches.
Canonical has also turned the guest sessions off by default. It might re-enable in an update in near future, but this is how things are at the moment. If you need guest sessions, you need to turn it on manually.
Did you find this story on Ubuntu login screen flaw helpful? Don’t forget to share your views.



Amazon Cuts Huawei Watch 2 Price To $194.99

Huawei's latest smartwatch has received a temporary price cut in the United States. There is no word on how long the promotion will last, but those interested

This Medical Camera Can See Right Through Human Body

Now, a team at the University of Edinburgh has developed a medical camera that can see right through your body. This new camera works by detecting light sources inside the body, such as

Google Search About To Receive A New “Speed Test Tool”, Here Is How To Use It

I use the Speed Test tool by Ookla to check the speed of my broadband connection. Generally, I use Google Search to visit the website. But the last time when I Googled the term “speed test,” I didn’t have to go much further than the search result itself.

Microsoft Has Released The First Windows 10 Build 16353 For Insiders

As Fall Creators Update is nearing its release, Skip Ahead was announced last month. It enables fast ring users to continue receiving new features, though the RS_PRERELEASE