[Bug 1310898] Re: Sudo allows access to private info without providing root password
Seth Arnold
1310898 at bugs.launchpad.net
Tue Apr 22 17:52:16 UTC 2014
Thanks for taking the time to report this bug and helping to make Ubuntu better. This is not a bug, but rather expected behavior:
https://wiki.ubuntu.com/SecurityTeam/Policies#Permissive_Home_Directory_Access
Please feel free to report any other bugs you may find.
** Information type changed from Private Security to Public
** Changed in: sudo (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/1310898
Title:
Sudo allows access to private info without providing root password
Status in “sudo” package in Ubuntu:
Invalid
Bug description:
At a terminal typing "sudo cp /home/another_user/" then using "tab"
will list files in another_users's directory WITHOUT first providing
the root password, with obvious security implications.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: sudo 1.8.9p5-1ubuntu1
ProcVersionSignature: Ubuntu 3.13.0-24.46-generic 3.13.9
Uname: Linux 3.13.0-24-generic x86_64
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Apr 21 23:39:22 2014
EcryptfsInUse: Yes
InstallationDate: Installed on 2014-04-19 (3 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
SourcePackage: sudo
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.sudoers: [inaccessible: [Errno 13] Permission denied: '/etc/sudoers']
modified.conffile..etc.sudoers.d.README: [inaccessible: [Errno 13] Permission denied: '/etc/sudoers.d/README']
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1310898/+subscriptions
More information about the foundations-bugs
mailing list