Big security problem in Nautilus 3.28.1
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
In my Arch Linux installation with Gnome 3.28, I recently noticed that I can enter with Nautilus in the private directory /root and see the files inside while Nautilus is started without root rights. In addition I can create directories everywhere in the filesystem as a non-root user when I start nautilus like this :
$ nautilus admin:///
How is it possible while Nautilus do not have the root rights ? For the moment, it's a very strange security hole for me...
linux security gnome root nautilus
asked Apr 27 at 12:56
daiSKeul
43
 |Â
show 7 more comments
up vote
0
down vote
favorite
In my Arch Linux installation with Gnome 3.28, I recently noticed that I can enter with Nautilus in the private directory /root and see the files inside while Nautilus is started without root rights. In addition I can create directories everywhere in the filesystem as a non-root user when I start nautilus like this :
$ nautilus admin:///
How is it possible while Nautilus do not have the root rights ? For the moment, it's a very strange security hole for me...
linux security gnome root nautilus
asked Apr 27 at 12:56
daiSKeul
43
Do you have a NFS share on your machine? What happens if you run the commandping admin?
– dr01
Apr 27 at 13:02
No I haven't any NFS filesystem on my machine but when I run theping admincommand, I get this :64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
– daiSKeul
Apr 27 at 13:05
1
It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweakedpkexec& co.?
– Stephen Kitt
Apr 27 at 13:07
No i haven't tweaked that but when I runpkexecit directly starts a root shell without asking me for any password...
– daiSKeul
Apr 27 at 13:10
Did you check it really doesn't have root rights? Something like suid bit set?
– Philippos
Apr 27 at 13:10
 |Â
show 7 more comments
up vote
0
down vote
favorite
up vote
0
down vote
favorite
In my Arch Linux installation with Gnome 3.28, I recently noticed that I can enter with Nautilus in the private directory /root and see the files inside while Nautilus is started without root rights. In addition I can create directories everywhere in the filesystem as a non-root user when I start nautilus like this :
$ nautilus admin:///
How is it possible while Nautilus do not have the root rights ? For the moment, it's a very strange security hole for me...
linux security gnome root nautilus
asked Apr 27 at 12:56
daiSKeul
43
In my Arch Linux installation with Gnome 3.28, I recently noticed that I can enter with Nautilus in the private directory /root and see the files inside while Nautilus is started without root rights. In addition I can create directories everywhere in the filesystem as a non-root user when I start nautilus like this :
$ nautilus admin:///
How is it possible while Nautilus do not have the root rights ? For the moment, it's a very strange security hole for me...
linux security gnome root nautilus
asked Apr 27 at 12:56
daiSKeul
43
edited May 21 at 8:59
asked Apr 27 at 12:56
daiSKeul
43
asked Apr 27 at 12:56
daiSKeul
43
asked Apr 27 at 12:56
daiSKeul
43
43
Do you have a NFS share on your machine? What happens if you run the commandping admin?
– dr01
Apr 27 at 13:02
No I haven't any NFS filesystem on my machine but when I run theping admincommand, I get this :64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
– daiSKeul
Apr 27 at 13:05
1
It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweakedpkexec& co.?
– Stephen Kitt
Apr 27 at 13:07
No i haven't tweaked that but when I runpkexecit directly starts a root shell without asking me for any password...
– daiSKeul
Apr 27 at 13:10
Did you check it really doesn't have root rights? Something like suid bit set?
– Philippos
Apr 27 at 13:10
 |Â
show 7 more comments
Do you have a NFS share on your machine? What happens if you run the commandping admin?
– dr01
Apr 27 at 13:02
No I haven't any NFS filesystem on my machine but when I run theping admincommand, I get this :64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
– daiSKeul
Apr 27 at 13:05
1
It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweakedpkexec& co.?
– Stephen Kitt
Apr 27 at 13:07
No i haven't tweaked that but when I runpkexecit directly starts a root shell without asking me for any password...
– daiSKeul
Apr 27 at 13:10
Did you check it really doesn't have root rights? Something like suid bit set?
– Philippos
Apr 27 at 13:10
Do you have a NFS share on your machine? What happens if you run the command
ping admin?– dr01
Apr 27 at 13:02
Do you have a NFS share on your machine? What happens if you run the command
ping admin?– dr01
Apr 27 at 13:02
No I haven't any NFS filesystem on my machine but when I run the
ping admin command, I get this : 64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms– daiSKeul
Apr 27 at 13:05
No I haven't any NFS filesystem on my machine but when I run the
ping admin command, I get this : 64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms– daiSKeul
Apr 27 at 13:05
1
1
It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked
pkexec & co.?– Stephen Kitt
Apr 27 at 13:07
It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked
pkexec & co.?– Stephen Kitt
Apr 27 at 13:07
No i haven't tweaked that but when I run
pkexec it directly starts a root shell without asking me for any password...– daiSKeul
Apr 27 at 13:10
No i haven't tweaked that but when I run
pkexec it directly starts a root shell without asking me for any password...– daiSKeul
Apr 27 at 13:10
Did you check it really doesn't have root rights? Something like suid bit set?
– Philippos
Apr 27 at 13:10
Did you check it really doesn't have root rights? Something like suid bit set?
– Philippos
Apr 27 at 13:10
 |Â
show 7 more comments
2 Answers
2
active
oldest
votes
up vote
1
down vote
Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).
answered May 17 at 18:05
vonbrand
13.9k22443
OP said/rootnot/
– ctrl-alt-delor
May 17 at 22:07
add a comment |Â
up vote
0
down vote
accepted
My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :
martin ALL=(ALL) ALL
It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.
To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file
# %wheel ALL=(ALL) ALL
In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.
answered May 20 at 12:01
daiSKeul
43
In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23
add a comment |Â
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).
answered May 17 at 18:05
vonbrand
13.9k22443
OP said/rootnot/
– ctrl-alt-delor
May 17 at 22:07
add a comment |Â
up vote
1
down vote
Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).
answered May 17 at 18:05
vonbrand
13.9k22443
OP said/rootnot/
– ctrl-alt-delor
May 17 at 22:07
add a comment |Â
up vote
1
down vote
up vote
1
down vote
Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).
answered May 17 at 18:05
vonbrand
13.9k22443
Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).
answered May 17 at 18:05
vonbrand
13.9k22443
answered May 17 at 18:05
vonbrand
13.9k22443
answered May 17 at 18:05
vonbrand
13.9k22443
answered May 17 at 18:05
vonbrand
13.9k22443
13.9k22443
OP said/rootnot/
– ctrl-alt-delor
May 17 at 22:07
add a comment |Â
OP said/rootnot/
– ctrl-alt-delor
May 17 at 22:07
OP said
/root not /– ctrl-alt-delor
May 17 at 22:07
OP said
/root not /– ctrl-alt-delor
May 17 at 22:07
add a comment |Â
up vote
0
down vote
accepted
My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :
martin ALL=(ALL) ALL
It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.
To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file
# %wheel ALL=(ALL) ALL
In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.
answered May 20 at 12:01
daiSKeul
43
In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23
add a comment |Â
up vote
0
down vote
accepted
My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :
martin ALL=(ALL) ALL
It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.
To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file
# %wheel ALL=(ALL) ALL
In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.
answered May 20 at 12:01
daiSKeul
43
In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :
martin ALL=(ALL) ALL
It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.
To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file
# %wheel ALL=(ALL) ALL
In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.
answered May 20 at 12:01
daiSKeul
43
My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :
martin ALL=(ALL) ALL
It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.
To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file
# %wheel ALL=(ALL) ALL
In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.
answered May 20 at 12:01
daiSKeul
43
answered May 20 at 12:01
daiSKeul
43
answered May 20 at 12:01
daiSKeul
43
answered May 20 at 12:01
daiSKeul
43
43
In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23
add a comment |Â
In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23
In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23
In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440417%2fbig-security-problem-in-nautilus-3-28-1%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Do you have a NFS share on your machine? What happens if you run the command
ping admin?– dr01
Apr 27 at 13:02
No I haven't any NFS filesystem on my machine but when I run the
ping admincommand, I get this :64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms– daiSKeul
Apr 27 at 13:05
1
It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked
pkexec& co.?– Stephen Kitt
Apr 27 at 13:07
No i haven't tweaked that but when I run
pkexecit directly starts a root shell without asking me for any password...– daiSKeul
Apr 27 at 13:10
Did you check it really doesn't have root rights? Something like suid bit set?
– Philippos
Apr 27 at 13:10