12.04 security weakness (or at least could be darned embarrassing)
UbuntuThis forum is for the discussion of Ubuntu Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
12.04 security weakness (or at least could be darned embarrassing)
I finally threw in the towel and installed 12.04 with gnome-session-fallback on my netbook. I got almost everything tweaked to my liking and finally I added a picture as the desktop background instead of the garish colors provided by Canonical. To my surprise I found that my desktop background had become the the login background.
I then built a 12.04 virtual machine in VMWare. I created three stooges (users) Moe, Larry and Curly. I assigned each a different desktop background image. At the login screen I find that by selecting the username I see that user's desktop.
Putting on my paranoid hat (from working for 18 years in IT for a Fortune 500 company) I see the the following concerns:
1 - by providing a list of user accounts Ubuntu has already given away half of the credential data
2- by showing the user's chosen desktop it may have given a hint to the user's password. For example if the user has a picture of their dog as their desktop background and their co-workers know that their dog is named Rover then how about Rover01 Rover2012 R0ver etc. ? I have seen worse.
Finally, if the boss uses a revealing picture of his hot wife
It just strikes me that Canonical is making Ubuntu less corporate friendly to be more user friendly. I wonder if this is self defeating as their income is from corporate customers not individual uses?
I think point 2 is pretty baseless. That's the users problem, in the same way that I also found that 12.04 also does nothing whatsoever to prevent the user writing their password on a post-it note and sticking it to their monitor.
Does seems like an odd behavior though, unless the view is that it's so likely to be a single user system it just makes the user experience nicer at no cost? Don't like the sound of that certainly, unless his wife is fit. But then again, it's basically a logical extension of the avatar style image that Win7 uses for one thing.
I guess it might be a stretch. I never did like the avatar, pick the user approach from Microsoft. I do not like the similar approach in Ubuntu 12.04 and am frustrated in being unable to find a way to return to the simple greeter available in 10.04. Thus my rant...
Ken
p.s. And I am frustrated at being unable to thoroughly test 'buntu interfaces on VMWare before committing to installing on on actual hardware. Ubuntu with gnome-session-fallback is flaky. Mint 13 Cinnamon is very different on VMWare vs. hardware. Lubuntu has similar differences and flakyness.
It gets worse... my experience with Ubuntu 12.04 is that, when waking from suspend or screen-lock, when you are prompted for the password, artifacts from the session are clearly visible on the screen!
Thus if you walk away from your desk and suspend the machine, anyone can walk by, jiggle the mouse, and potentially see what you are working on.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.