[Bug 103107] "Start new session" auto logs in as previous new session starter
monstermunch
monstermunch at fmail.co.uk
Wed Apr 4 23:21:30 UTC 2007
Public bug reported:
Binary package hint: kdm
I'm running kubuntu 6.10.
Instructions:
Use KDM as your login manager and login to KDE.
Open a terminal.
Type "sudo adduser bug" and fill in the details to create a new user called "bug".
Goto K-menu->Switch User->Start New Session.
The KDM login manager screen should appear. Login as "bug" with your password.
Logout as bug and switch back to your first session (should happen automatically).
Goto K-menu->Switch User->Start New Session.
What happens:
You will be automatically logged into KDE as "bug" without being asked if you wanted to or being asked for the password.
What I expected:
To be presented with the KDM login screen.
If you wait a couple of minutes before doing the final instruction, the
expected behaviour happens. My KDM settings say to automatically log in
on X server crash and auto-login my main (not "bug") user.
This seems like a serious security problem to me in an environment where
people share machines as it would be easy to let someone login as your
new session, wait for them to log out and then login to their account
with no password.
** Affects: kdebase (Ubuntu)
Importance: Undecided
Status: Unconfirmed
--
"Start new session" auto logs in as previous new session starter
https://bugs.launchpad.net/bugs/103107
You received this bug notification because you are a member of Kubuntu
Team, which is a bug contact for kdebase in ubuntu.
More information about the kubuntu-bugs
mailing list