New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 1 user

Issue metadata

Status: WontFix
Owner:
User never visited
Closed: Mar 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: WiFi changes by guests persist in ChromeOS

Reported by resea...@nightwatchcybersecurity.com, Mar 17 2016 Back to list

Issue description

VULNERABILITY DETAILS
Making settings changes for WiFi in guest mode on a Chromebook persists the changes between reboots.

VERSION
Chrome Version: 49.0.2623.95 (Official Build) (64-bit)
Operating System: 7834.60.0 (= Official Build) stable-channel parrot

REPRODUCTION CASE
Login in guest mode. Make WiFi changes, reboot and check again.

 

Comment 1 by meacer@chromium.org, Mar 18 2016

Components: OS>Systems>Network
Owner: jleong@chromium.org
Status: Assigned
jleong: Is this expected behavior? Can you please triage/reassign as appropriate?

Comment 2 by meacer@chromium.org, Mar 18 2016

Labels: OS-Chrome

Comment 3 by jleong@chromium.org, Mar 18 2016

Cc: pstew@chromium.org snanda@chromium.org
This decision predates me, but I believe it is indeed expected behavior.

Paul (CC'ed) should be able to confirm.

Comment 4 by pstew@chromium.org, Mar 18 2016

I believe this is expected behavior.  You might want to chase down wdrewry@, bartfab@, and others in enterprise / security to understand what the intended model was.  I do know bartfab@ has made the case in other contexts that this is necessary to rectify network issues that may hamper regular user login.

Comment 5 by meacer@chromium.org, Mar 18 2016

Cc: bartfab@chromium.org wad@chromium.org
bartfab, wad: Could one of you please confirm this is working as intended? Thanks.

Comment 6 by meacer@chromium.org, Mar 21 2016

Status: WontFix
Closing the issue as working as intended, we can reopen if bartfab or wad disagrees.
+1. AFAIK, this is intended behavior. Note that if you set up a network with a *proxy* this way, the proxy will not apply to other users, unless they explicitly opt in.

Comment 8 by meacer@chromium.org, Mar 30 2016

Labels: -Restrict-View-SecurityTeam
bartfab: Thanks for confirming.

Dropping view restrictions from the bug.
Project Member

Comment 9 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 10 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
Cc: ya...@nightwatchcybersecurity.com

Sign in to add a comment