[Bug 67378] users-admin does not check usernames for reserved system names/groups
Jonathan Carter
jonathan at ubuntu.com
Sat Dec 23 15:13:37 UTC 2006
Public bug reported:
Binary package hint: gnome-system-tools
In the Ubuntu debian-installer, it checks for reserved names such as
'admin', ie. you can't use admin as the username when creating the first
user.
The Gnome Users and Groups allows you to create a user called admin. If
users shouldn't create users called 'admin', then users-admin should not
allow it.
I mark this as a security vulnerability, because it affects system
security. When a user might unwittingly add a user called admin (which
is quite plausible), and then remove the user again for some reason,
then the group 'admin' will be gone too, which means that no one on the
system will have sudo root access, and updates won't take place, causing
even more potential problems.
** Affects: gnome-system-tools (Ubuntu)
Importance: Medium
Assignee: Ubuntu Desktop Bugs
Status: Rejected
--
users-admin does not check usernames for reserved system names/groups
https://launchpad.net/bugs/67378
More information about the desktop-bugs
mailing list