Short Bytes: A flaw of medium priority has been found in Ubuntu Linux operating system. Due to a bug in LightDM display manager, the guest sessions aren’t properly confined. This problem stepped in when user session handling moved from upstart to systemd in Ubuntu 16.10. Canonical has released a patch for this vulnerability and you need to install security updates to get the fix.After the widespread havoc caused in the closed world of Windows by the WannaCry ransomware, it’s time for the Linux users to update their systems and patch a medium priority flaw that has the potential to do a considerable amount of damage. The issue being talked about here deals with LightDM, the display manager that powers the Unity Greeter login screen.
Reported by OMGUbuntu, the affected versions are Ubuntu 16.10 and Ubuntu 17.10. Due to this flaw in LightDM, it doesn’t correctly configure and confine the guest user session which is enabled by default on Ubuntu Linux. By exploiting the same, a notorious hacker with physical access can grab the files and gain access to the other users on the system. Please note that the files in a user’s home directories can also be accessed.
Recommended: How To Protect Yourself From WannaCry Ransomware?
To test if they are affected, the users can simply log into a guest session, launch a terminal with ctrl-alt-t and run this command:
$ cat /proc/self/attr/current
It should give the following output:
But, in reality, running the command in guest session in Ubuntu 16.10 and 17.04 results in:
Please note that this issue was introduced when the user session handling moved from upstart to systemd in Ubuntu 16.10. That’s why Ubuntu versions older than 16.10 aren’t affected.
How to fix Ubuntu login screen flaw
Just in case you’re running an updated Ubuntu system with all security updates installed, you don’t need to worry. If you haven’t done so, you need to update your system.
For that, simply open the Update Manager, check for updates and install all listed security patches.
Canonical has also turned the guest sessions off by default. It might re-enable in an update in near future, but this is how things are at the moment. If you need guest sessions, you need to turn it on manually.
Did you find this story on Ubuntu login screen flaw helpful? Don’t forget to share your views.