Big security problem in Nautilus 3.28.1

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












In my Arch Linux installation with Gnome 3.28, I recently noticed that I can enter with Nautilus in the private directory /root and see the files inside while Nautilus is started without root rights. In addition I can create directories everywhere in the filesystem as a non-root user when I start nautilus like this :




$ nautilus admin:///




How is it possible while Nautilus do not have the root rights ? For the moment, it's a very strange security hole for me...







share|improve this question





















  • Do you have a NFS share on your machine? What happens if you run the command ping admin?
    – dr01
    Apr 27 at 13:02










  • No I haven't any NFS filesystem on my machine but when I run the ping admin command, I get this : 64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
    – daiSKeul
    Apr 27 at 13:05






  • 1




    It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked pkexec & co.?
    – Stephen Kitt
    Apr 27 at 13:07










  • No i haven't tweaked that but when I run pkexec it directly starts a root shell without asking me for any password...
    – daiSKeul
    Apr 27 at 13:10










  • Did you check it really doesn't have root rights? Something like suid bit set?
    – Philippos
    Apr 27 at 13:10














up vote
0
down vote

favorite












In my Arch Linux installation with Gnome 3.28, I recently noticed that I can enter with Nautilus in the private directory /root and see the files inside while Nautilus is started without root rights. In addition I can create directories everywhere in the filesystem as a non-root user when I start nautilus like this :




$ nautilus admin:///




How is it possible while Nautilus do not have the root rights ? For the moment, it's a very strange security hole for me...







share|improve this question





















  • Do you have a NFS share on your machine? What happens if you run the command ping admin?
    – dr01
    Apr 27 at 13:02










  • No I haven't any NFS filesystem on my machine but when I run the ping admin command, I get this : 64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
    – daiSKeul
    Apr 27 at 13:05






  • 1




    It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked pkexec & co.?
    – Stephen Kitt
    Apr 27 at 13:07










  • No i haven't tweaked that but when I run pkexec it directly starts a root shell without asking me for any password...
    – daiSKeul
    Apr 27 at 13:10










  • Did you check it really doesn't have root rights? Something like suid bit set?
    – Philippos
    Apr 27 at 13:10












up vote
0
down vote

favorite









up vote
0
down vote

favorite











In my Arch Linux installation with Gnome 3.28, I recently noticed that I can enter with Nautilus in the private directory /root and see the files inside while Nautilus is started without root rights. In addition I can create directories everywhere in the filesystem as a non-root user when I start nautilus like this :




$ nautilus admin:///




How is it possible while Nautilus do not have the root rights ? For the moment, it's a very strange security hole for me...







share|improve this question













In my Arch Linux installation with Gnome 3.28, I recently noticed that I can enter with Nautilus in the private directory /root and see the files inside while Nautilus is started without root rights. In addition I can create directories everywhere in the filesystem as a non-root user when I start nautilus like this :




$ nautilus admin:///




How is it possible while Nautilus do not have the root rights ? For the moment, it's a very strange security hole for me...









share|improve this question












share|improve this question




share|improve this question








edited May 21 at 8:59
























asked Apr 27 at 12:56









daiSKeul

43




43











  • Do you have a NFS share on your machine? What happens if you run the command ping admin?
    – dr01
    Apr 27 at 13:02










  • No I haven't any NFS filesystem on my machine but when I run the ping admin command, I get this : 64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
    – daiSKeul
    Apr 27 at 13:05






  • 1




    It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked pkexec & co.?
    – Stephen Kitt
    Apr 27 at 13:07










  • No i haven't tweaked that but when I run pkexec it directly starts a root shell without asking me for any password...
    – daiSKeul
    Apr 27 at 13:10










  • Did you check it really doesn't have root rights? Something like suid bit set?
    – Philippos
    Apr 27 at 13:10
















  • Do you have a NFS share on your machine? What happens if you run the command ping admin?
    – dr01
    Apr 27 at 13:02










  • No I haven't any NFS filesystem on my machine but when I run the ping admin command, I get this : 64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
    – daiSKeul
    Apr 27 at 13:05






  • 1




    It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked pkexec & co.?
    – Stephen Kitt
    Apr 27 at 13:07










  • No i haven't tweaked that but when I run pkexec it directly starts a root shell without asking me for any password...
    – daiSKeul
    Apr 27 at 13:10










  • Did you check it really doesn't have root rights? Something like suid bit set?
    – Philippos
    Apr 27 at 13:10















Do you have a NFS share on your machine? What happens if you run the command ping admin?
– dr01
Apr 27 at 13:02




Do you have a NFS share on your machine? What happens if you run the command ping admin?
– dr01
Apr 27 at 13:02












No I haven't any NFS filesystem on my machine but when I run the ping admin command, I get this : 64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
– daiSKeul
Apr 27 at 13:05




No I haven't any NFS filesystem on my machine but when I run the ping admin command, I get this : 64 bytes from assistance.tech.numericable.fr (82.216.111.26): icmp_seq=1 ttl=58 time=17.5 ms
– daiSKeul
Apr 27 at 13:05




1




1




It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked pkexec & co.?
– Stephen Kitt
Apr 27 at 13:07




It should ask for either the root password or your own password, depending on your system’s setup; but it will use cached authentication tokens if they are available (again depending on setup). Have you tweaked pkexec & co.?
– Stephen Kitt
Apr 27 at 13:07












No i haven't tweaked that but when I run pkexec it directly starts a root shell without asking me for any password...
– daiSKeul
Apr 27 at 13:10




No i haven't tweaked that but when I run pkexec it directly starts a root shell without asking me for any password...
– daiSKeul
Apr 27 at 13:10












Did you check it really doesn't have root rights? Something like suid bit set?
– Philippos
Apr 27 at 13:10




Did you check it really doesn't have root rights? Something like suid bit set?
– Philippos
Apr 27 at 13:10










2 Answers
2






active

oldest

votes

















up vote
1
down vote













Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).






share|improve this answer





















  • OP said /root not /
    – ctrl-alt-delor
    May 17 at 22:07

















up vote
0
down vote



accepted










My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :



martin ALL=(ALL) ALL


It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.



To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file



# %wheel ALL=(ALL) ALL


In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.






share|improve this answer





















  • In that case please fix the misleading title of your question...
    – don_crissti
    May 20 at 16:23










Your Answer







StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);








 

draft saved


draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440417%2fbig-security-problem-in-nautilus-3-28-1%23new-answer', 'question_page');

);

Post as a guest






























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
1
down vote













Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).






share|improve this answer





















  • OP said /root not /
    – ctrl-alt-delor
    May 17 at 22:07














up vote
1
down vote













Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).






share|improve this answer





















  • OP said /root not /
    – ctrl-alt-delor
    May 17 at 22:07












up vote
1
down vote










up vote
1
down vote









Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).






share|improve this answer













Linx/Unix working as it should. System root files are not invisible, but they should be off-limits for writing. And some files you can see, but not read (e.g. /etc/shadow).







share|improve this answer













share|improve this answer



share|improve this answer











answered May 17 at 18:05









vonbrand

13.9k22443




13.9k22443











  • OP said /root not /
    – ctrl-alt-delor
    May 17 at 22:07
















  • OP said /root not /
    – ctrl-alt-delor
    May 17 at 22:07















OP said /root not /
– ctrl-alt-delor
May 17 at 22:07




OP said /root not /
– ctrl-alt-delor
May 17 at 22:07












up vote
0
down vote



accepted










My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :



martin ALL=(ALL) ALL


It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.



To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file



# %wheel ALL=(ALL) ALL


In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.






share|improve this answer





















  • In that case please fix the misleading title of your question...
    – don_crissti
    May 20 at 16:23














up vote
0
down vote



accepted










My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :



martin ALL=(ALL) ALL


It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.



To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file



# %wheel ALL=(ALL) ALL


In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.






share|improve this answer





















  • In that case please fix the misleading title of your question...
    – don_crissti
    May 20 at 16:23












up vote
0
down vote



accepted







up vote
0
down vote



accepted






My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :



martin ALL=(ALL) ALL


It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.



To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file



# %wheel ALL=(ALL) ALL


In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.






share|improve this answer













My problem was caused by an insecure configuration of the sudo system. When I installed my Arch Linux system and to have the hability to execute commands without the root account, I added directly my username in the sudoers file like this :



martin ALL=(ALL) ALL


It worked very well with sudo but not at all with polkit. With this configuration, when I just typed pkexec in my shell, it opened a root shell without asking me for any password. But when Nautilus tries to access the /root directory, he execute the pkexec command. So that I could go in this directory without any password with my normal user account.



To correct the problem, I put my user in the wheel group and uncomment this line in the sudoers file



# %wheel ALL=(ALL) ALL


In conclusion, it's not a security breech in Nautilus but an insecure configuration I made...I'm sorry.







share|improve this answer













share|improve this answer



share|improve this answer











answered May 20 at 12:01









daiSKeul

43




43











  • In that case please fix the misleading title of your question...
    – don_crissti
    May 20 at 16:23
















  • In that case please fix the misleading title of your question...
    – don_crissti
    May 20 at 16:23















In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23




In that case please fix the misleading title of your question...
– don_crissti
May 20 at 16:23












 

draft saved


draft discarded


























 


draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f440417%2fbig-security-problem-in-nautilus-3-28-1%23new-answer', 'question_page');

);

Post as a guest













































































Popular posts from this blog

How to check contact read email or not when send email to Individual?

Displaying single band from multi-band raster using QGIS

How many registers does an x86_64 CPU actually have?