Monday, October 17, 2011

How to disable the guest account in Oneiric

Ubuntu 11.10 now ships with the guest account available at the LightDM login screen.

This new feature isn't really a security issue, since by default using it requires physical access, and it is confined with an AppArmor profile. If an attacker has physical access to your laptop, all bets are off.

The guest account can be disabled by editing /etc/lightdm/lightdm.conf and adding "allow-guest=false" to the "SeatDefaults" section.
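The edit described above can be scripted so that it is safe to run more than once. This is an added example, not code from the original post: the function names `disable_guest` and `guest_disabled` are hypothetical, and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Set allow-guest=false directly under every [SeatDefaults] header, dropping
# any older allow-guest line in that section; append the section if missing.
disable_guest() {
    conf="$1"
    tmp="$(mktemp)" || return 1
    awk '
        /^\[/ {
            in_seat = ($0 ~ /^\[SeatDefaults\][ \t]*$/)
            print
            if (in_seat) { print "allow-guest=false"; seen = 1 }
            next
        }
        in_seat && /^[ \t]*allow-guest[ \t]*=/ { next }
        { print }
        END { if (!seen) { print "[SeatDefaults]"; print "allow-guest=false" } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Exit 0 only if the last allow-guest line in [SeatDefaults] is set to "false".
guest_disabled() {
    awk '
        /^\[/ { in_seat = ($0 ~ /^\[SeatDefaults\][ \t]*$/); next }
        in_seat && /^[ \t]*allow-guest[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0
        }
        END { exit (val == "false" ? 0 : 1) }
    ' "$1"
}

# Demo on a constructed sample file; on a real system, pass
# /etc/lightdm/lightdm.conf and run as root.
sample="$(mktemp)"
printf '[SeatDefaults]\ngreeter-session=unity-greeter\nallow-guest=true\n' > "$sample"
disable_guest "$sample" && guest_disabled "$sample" && echo "guest session disabled"
rm -f "$sample"
```

The change takes effect the next time LightDM starts.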

4 comments:

Fabian said...

It works, thanks!!!

Nocturn said...

I disagree that it isn't a security risk.

My laptop drive is encrypted, leaving it somewhere will not expose me to a physical attacker. But having someone able to use the laptop and potentially using a local exploit to gain root is a risk.

Nocturn said...

BTW, having a guest session from the panel indicator is a good thing. It allows me to restrictively let someone use my laptop when I am logged in.

mdeslaur said...

@Nocturn: Yes, I agree in that specific scenario the guest account could be considered a security issue.