Tobias, thanks for the report; after discussion we've decided to not handle this as a security vulnerability. Mixing root and not-root applications in one X11 session is a bad idea and this is further demonstration of the known issues.
It might still be worth reporting upstream -- the Nautilus developers may wish to have the program close when the last window is closed, or perhaps print a warning if they can determine that it is being run via sudo / su / gksu etc. Thanks ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to nautilus in Ubuntu. https://bugs.launchpad.net/bugs/1549901 Title: Force quitting Nautilus may give root access Status in nautilus package in Ubuntu: Confirmed Bug description: Ubuntu version: 16.04 Xenial Xerus Nautilus version: 1:3.18.4.is.3.14.3-0ubuntu2 Gnome Shell version: 3.18.3-3ubuntu1 Hi guys, I’ve been using Ubuntu for quite some time now, but I’m still an absolute noob, so please excuse my lack of technical knowledge. I’ve encountered a bug on Ubuntu 16.04 Xenial Xerus that seems quite grave to me: I use Ubuntu 16.04 alpha with Gnome Shell installed from the standard repos, with Nautilus managing my desktop. Sometimes Nautilus uses too much RAM or becomes unresponsive. In this case I use either the GUI "force quit" button or the killall nautilus command in order to restart it. This worked fine in previous versions of Ubuntu. When I do this in Xenial, the /root/Desktop folder appears on my home screen (discernible by a different wallpaper). From there, I can open Nautilus as root (by creating a new folder) or even a root terminal without entering a root/sudo password. Regards Tobias Voit To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nautilus/+bug/1549901/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
