[clug-talk] Ubuntu 9.10 is allowing anonymous logins
osgnuru at gmail.com
Sat Oct 9 20:59:28 PDT 2010
I have been trying to login as guest but I have not been able to find out
how users are doing this.
On Sat, Oct 9, 2010 at 9:56 PM, Royce Souther <osgnuru at gmail.com> wrote:
> I double checked there is no guest account but I did a grep for guest in
> /etc/ and found that a temporary guest account was created then deleted.
> *root at amdX4home[~] #grep guest /etc/*
> /etc/bash_completion:# of Ubuntu's (and Debian's? :() inner
> weirdness? :) -- David (hanska-guest)
> grep: /etc/blkid.tab: No such file or directory
> Check the times for the files*
> root at amdX4home[~] #ll /etc/passwd*
> -rw-r--r-- 1 root root 1.9K 2010-10-09 21:09 /etc/passwd
> -rw------- 1 root root 2.0K 2010-10-09 20:30 /etc/passwd-
> Some how users have found a way to automatically create a guest account
> that is deleted when they log out.
> I am continuing to search Google but so far I have not found any
> information about this great new Ubuntu feature that lets users bypass the
> security system as setup by the root user.
> On Sat, Oct 9, 2010 at 9:16 PM, Royce Souther <osgnuru at gmail.com> wrote:
>> I just found out that anonymous users can login to Ubuntu system even if
>> they do not have an account. They login to Ubuntu 9.10 as user *guest*but there is no such account.
>> What the hell? This is a very bad security hole.
>> How is this possible?
>> How can I stop it?
>> Easy, fast GUI development.
> Easy, fast GUI development.
Easy, fast GUI development.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the clug-talk