Red Hat Bugzilla – Bug 1271436
login not secure
Last modified: 2015-10-14 08:25:10 EDT
Description of problem:
This only applies when using the Xorg interface, console logins are not affected.This insecurity is a well known issue on LANs and networked systems(at least 15 years).Standalone and lonely average PCs see this as a convenience.
Basically the user is presented with prior login information.Assuming there is only one average user, this may also be the reason.
Neither condition however should trigger this action.The less a hacker knows the better.And it is well known also that windows utilities can read extended volumes without needing a login.
Therefore, some level of encryption is warranted.Some prefer whole disk, some home folder.I think both are a tad wasteful.I prefer containers and Private folder linking.Generally if not logged in, this info is not available.Works wonders when browser and mail cached data is Privatized.But, some say this wont work with nfs mounts.
At a MINIMUM, nobody should be autologged in or have login info on the login page.You should know your login information. After all, most of you set the system up.
I have yet to test root logins under X11.Im being told it wont let you.
Version-Release number of selected component (if applicable):
21+ but as you know 21 soon to be retired.
everytime you log in via X11
Steps to Reproduce:
1.dont login yet, just look.
xorg has nothing to do with drawing the login screen or logging in.
There's a tradeoff to be made, and by default, in Fedora Workstation, we feel keeping the user list available is worth the information disclosure for the lion's share of users.
However, we recognize this default is not appropriate for all sites and users. Also, certainly opinions can different on where it is appropriate. So we provide a mechanism to disable the user list via dconf configuration.
See https://help.gnome.org/admin/system-admin-guide/stable/login-userlist-disable.html.en for more details.