apport information ** Attachment added: "modified.conffile..etc.gdm.custom.conf.txt" https://bugs.launchpad.net/bugs/1314971/+attachment/4102591/+files/modified.conffile..etc.gdm.custom.conf.txt
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gdm in Ubuntu. https://bugs.launchpad.net/bugs/1314971 Title: Potential Security Issue - Having multiple users logins the administrator account without asking for password Status in “gdm” package in Ubuntu: Incomplete Bug description: Basic Info: --------------- 1. OS: Ubuntu GNOME 14.04 (with all the updates applied till now) 2. GDM package information: $ apt-cache policy gdm gdm: Installed: 3.10.0.1-0ubuntu3 Candidate: 3.10.0.1-0ubuntu3 Version table: *** 3.10.0.1-0ubuntu3 0 500 http://in.archive.ubuntu.com/ubuntu/ trusty/universe i386 Packages 100 /var/lib/dpkg/status --------------------------------------------------------------------------------------------------------------- I have two user accounts setup: 1. Aditya (Administrator) 2. Mohit (Standard User) Both the accounts have passwords on them and "Automatic Login" is off for both of them. When I reboot, two cases happen: 1. If I don't select which user account I want to login (Administrator account is autoselected initially), GNOME waits for about ~5 secs and then starts displaying a progress bar around the Adminstrator Account (Aditya) indicating that this account would login when it reaches 100% (it takes about 10 secs for progress bar to finish). Once the progress bar finished, it logs the Administrator without asking for user password and anyone can use the account without knowing the password at all. 2. Even when I select the Standard Account (Mohit) (but don't press return/enter - ie; I don't reach the password screen for Mohit) then GNOME waits for about ~5 secs and thereafter selects the Administrator Account (Aditya) by itself and repeats case 1 mentioned above. However, since I have the "Online Accounts" setup, it nags me a couple of times initially after login to enter the password, but I can just press Escape and don't need to enter the password. (The Online Accounts feature don't work as expected since I don't provide the password to it). Screenshot of it nagging me to provide password for Online Accounts: http://i.stack.imgur.com/M09HP.png --- ApportVersion: 2.14.1-0ubuntu3 Architecture: i386 CurrentDesktop: GNOME DistroRelease: Ubuntu 14.04 InstallationDate: Installed on 2014-04-18 (12 days ago) InstallationMedia: This Package: gdm 3.10.0.1-0ubuntu3 PackageArchitecture: i386 Tags: trusty Uname: Linux 3.14.2-031402-generic i686 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo _MarkForUpload: True mtime.conffile..etc.gdm.custom.conf: 2014-04-28T01:23:29.870182 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/1314971/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
