Privileged `gnome-initial-setup` Greeter Allows Running a Bunch of Unrelated Applications
When running in the privileged gnome-initial-setup
greeter context when gdm
runs gnome-shell --mode=initial-setup
a restricted GNOME shell is presented where e.g. no applications menu and no "run program" dialog is available.
However, the keyboard shortcuts super + 1
to super + 10
allow to start a bunch of applications like Firefox, Evolution, LibreOffice Writer, Rythmbox or Nautilus. This, as a result, can be exploited to open a terminal despite of the gnome-initial-setup
user having /sbin/nologin
set as a shell.
To restrict the gnome-initial-setup
privileged greeter to its intended purpose it should be considered to disabled these shortcuts. I don't know which component is responsible for this but I was able to reproduce the behaviour on both openSUSE Tumbleweed and Fedora 30.