Security risk in Linux Mint

[(IVORY)]

Just a few weeks back I have got the realm of Linux Mint. I have done the installation of Mint Daryna Flu XBOX. What I have noticed a big security risk. The mapping / usr / b in / mintAssistant offers the user to activate the root password. Up there, there are not too many security measures, except that the rights of App are 766, thus no password and no one can delete this thing and it will change the word to root. So my question is: This distribution has a purpose single-user, or have I found a big problem. Can someone assist me for this thing? I think this is the major security flaw in Linux Mint.

[Ekpah]

MintAssistant is launched once and assumed that the first user to be logged is the same as that performed the installation. It could obviously be likely if the rights were not 766. Basic gdm connects you with a guest user in case of inactivity. So anyone connects to the master account can get the machine. Home file mintAssistant rights have never been 766 but in 755 but this does not change anything. Apparently anyone can run this program; it is really annoying anyway. Now I am also looking for the answer of this question.

[windows_user]

It's super dangerous. Caution, I changed them manually one, but from memory it was not the only one who posed the problem. I doubt in any utils that began with prices mint has a chmod 750 in doubt, and I turned in gdm user Mint. Frankly, the more I thought about it, the more I think it's really catastrophic. Can you imagine a position in a box that makes a mind, and whether the admin is ignoring it will end up with all his positions accessible to root? And yet here we talk about attention to a flaw, gender is a beta, it was our ball is not too serious, but just imagine what's behind. It will be better if they find a solution for this problem as soon as possible.

[Dolsy_bendal]

Yes it is problematic, unless it is used in standalone or when I'm missing something (if anyone can confirm or disprove). Since Mint is based on Ubuntu, I wonder if the question arises as to the latter. If anyone can enlighten me thank you in advance but it is true that this seems pretty serious (and surprising anyway!) I hope that the problem does not exist on Ubuntu. Only the applications of Mint are like that and if anyone can provide suggestion for this thing then it will be really great. I will be waiting for the replies related to this thing.

[Elijah]

I do not understand what went wrong? A user can launch mintAssistant, yes ... so what? If he does that mintAssistant have the rights of that user, and therefore the application will crash. Take the test. MintAssistant run by hand from a terminal without sudo and see for yourself, no changes are made to the account o root in the terminal for a fortune. There’s a huge difference between the applied permissions and file permissions inherited from the user and applied to a process. What matters here is that the user has root privileges; otherwise mintAssistant will not work properly. Note that GDM will run mintAssistant in root mode, and since the control uses gksu mintMenu. In both cases mintAssistant requires root privileges or sudo. If you run mintAssistant without these rights, you will see the GUI. If qqchose escapes me feel free but I do not see where the security hole is. Most tools are Mint executable by all; it says they carry out transactions of directors when they have administrative rights ... ie when they are launched by a sudo or root.

[(IVORY)]

I do not know if I was clear, I'll take an example. Everyone can run the Linux command "rm" and delete file. But then, depending on who is launching "echo" This command may or may not delete a particular file. Same here, depending on who starts mintAssistant, may or may not change the root account and fortunes for the terminal. As for GDM should be root to alter its configuration and it is precisely configured to provide only a single session mintAssistant to root. The first user to log on the system. So the only people able to access root are: