[Lilug] ubuntu guest user

[Jorg Kewisch]

I think this is the 4th time the way to disable the Ubuntu guest user
changed:
first one had to add "allow-guest=false" to a file in /etc/lightdm
then that file moved to /usr/share/lightdm/lightdm.conf.d/50-no-guest.conf
then the format changed to "[SeatDefaults]\nallow-guest=false\n"
now the file name is "50-ubuntu.conf"

I have a script that I run after every new install and with each change
this creepy guest user comes back. I am now convinced that this is
intentional (paid for by NSA?) and the guest user is a serious security
hole.

Remember when they found an unapproved change in the Linux kernel a few
years back?  Some error handler contained :"if( uid = 0) {..}" instead
of  "if( uid == 0) {..}". Triggering this error would make you root. But
you can only do that if you are already logged into the computer and
that is what the guest user is for.This bug was fixed, but there may be
others.


The method de jour to get rid of the guest user is:
sudo sh -c 'printf "[SeatDefaults]\nallow-guest=false\n" >>
/usr/share/lightdm/lightdm.conf.d/50-ubuntu.conf'


jorg


P.S. I wrote this message in July, and when I am pissed off I don't send
it immediately and then forgot about it. Now it happened ***AGAIN***.
There was an update for lightdm and the update overwrote the conf file.
That is no accident.

Where can I tell these guys (in colorful language) that enough is
enough? Where can I tell other sysadmins that this is going on?

Jorg