Bug#755943: nautilus: 'gksu nautilus' changes the whole desktop to a different user in special cases

Christian Meyer c2h5oh at web.de
Thu Jul 24 19:12:23 UTC 2014 

Package: nautilus
Version: 3.4.2-1+build1
Severity: important

Hello there,

I found a remarkable bug with nautilus (and letting it manage the desktop) in
version 3.4.2 (stable).

1. Log in as a user (e.g. abc) that doesn't 'have file manager handle the
desktop' (gnome-tweak-tool).
2. Now 'gksu nautilus' in a terminal window as a different user (e.g. xyz) that
has the mentioned option enabled.

You now see abc's desktop vanishing and xyz's desktop appear with all its files
and directories(beside opening the intended nautilus window). Everything you do
on the desktop is under xyz's name.

3. Close the intended nautilus window. You now may abort the waiting (not
finished) gksu command and / or close the terminal window.

Xyz's desktop keeps visible and functional. Everything you do within it is in
xyz's name.

Somehow it's a cool feature being 'logged in as two users' in the same UI. :)
But since this obviousy is not intended it mostly is a security bug. :(

Christian Meyer



-- System Information:
Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nautilus depends on:
ii  desktop-file-utils         0.20-0.1
ii  gsettings-desktop-schemas  3.4.2-3
ii  gvfs                       1.12.3-4
ii  libatk1.0-0                2.4.0-2
ii  libc6                      2.13-38+deb7u3
ii  libcairo-gobject2          1.12.2-3
ii  libcairo2                  1.12.2-3
ii  libexempi3                 2.2.0-1
ii  libexif12                  0.6.20-3
ii  libgail-3-0                3.4.2-7
ii  libgdk-pixbuf2.0-0         2.26.1-1
ii  libglib2.0-0               2.33.12+really2.32.4-5
ii  libglib2.0-data            2.33.12+really2.32.4-5
ii  libgnome-desktop-3-2       3.4.2-1
ii  libgtk-3-0                 3.4.2-7
ii  libnautilus-extension1a    3.4.2-1+build1
ii  libnotify4                 0.7.5-1
ii  libpango1.0-0              1.30.0-1
ii  libselinux1                2.1.9-5
ii  libtracker-sparql-0.14-0   0.14.1-3
ii  libx11-6                   2:1.5.0-1+deb7u1
ii  libxml2                    2.8.0+dfsg1-7+wheezy1
ii  nautilus-data              3.4.2-1+build1
ii  shared-mime-info           1.0-1+b1

Versions of packages nautilus recommends:
ii  brasero          3.4.1-4
ii  eject            2.1.5+deb1+cvs20081104-13
ii  gnome-sushi      0.4.1-3
ii  gvfs-backends    1.12.3-4
ii  librsvg2-common  2.36.1-2

Versions of packages nautilus suggests:
ii  eog                    3.4.2-1+build1
ii  evince [pdf-viewer]    3.4.0-3.1
ii  mpg321 [mp3-decoder]   0.3.2-1.1
ii  totem                  3.0.1-8
ii  tracker                0.14.1-3
ii  vlc [mp3-decoder]      1:2.0.6-dmo2
ii  vlc-nox [mp3-decoder]  1:2.0.6-dmo2
ii  xdg-user-dirs          0.14-1
ii  xpdf [pdf-viewer]      3.03-10

-- no debconf information

More information about the pkg-gnome-maintainers mailing list