I've submitted the bug upstream too, so you can replace the patch in the
debdiff with one attached here.

** Bug watch added: freedesktop.org Bugzilla #105418
   https://bugs.freedesktop.org/show_bug.cgi?id=105418

** Also affects: fprintd via
   https://bugs.freedesktop.org/show_bug.cgi?id=105418
   Importance: Unknown
       Status: Unknown

** Patch added: "0001-device-policy-only-allow-enroll-for-authenticated-us.patch"
   https://bugs.launchpad.net/ubuntu/+source/fprintd/+bug/1532264/+attachment/5074287/+files/0001-device-policy-only-allow-enroll-for-authenticated-us.patch

https://bugs.launchpad.net/bugs/1532264

Title:
  fprintd allows unauthorized root access

Status in fprintd:
  Unknown
Status in fprintd package in Ubuntu:
  Confirmed

Bug description:
  
  For some reason, fprintd-enroll does not require any special
  authorization to run.

  This means that anyone coming across or stealing a machine with it
  installed and which is currently logged in and for which fingerprints
  are enabled for sudo authentication can elevate their access to
  superuser by simply running fprintd-enroll and scanning their own
  fingers. A subsequent sudo command will then give the new user
  access.

  Even if sudo access is not granted through fingerprints, a thief could
  get continued access to someone's account (for subsequent logging in)
  if they can enroll new fingerprints without re-authenticating as the
  original user.

  This seems a security threat.

  ProblemType: Bug
  DistroRelease: Ubuntu 15.10
  Package: fprintd 0.6.0-1
  ProcVersionSignature: Ubuntu 4.2.0-23.28-generic 4.2.6
  Uname: Linux 4.2.0-23-generic x86_64
  ApportVersion: 2.19.1-0ubuntu5
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri Jan  8 11:35:02 2016
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2015-12-18 (21 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
  SourcePackage: fprintd
  UpgradeStatus: No upgrade log present (probably fresh install)
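
Added example, not part of the bug report or the attached patch: a Python check that reads a polkit policy file and reports whether fingerprint enrollment is allowed without re-authentication. It assumes enrollment is gated by the polkit action `net.reactivated.fprint.device.enroll`; both policy fragments are constructed for illustration, and `auth_self` as the stricter value is an assumption, not the content of the patch.

```python
import xml.etree.ElementTree as ET

# Assumption: fprintd's enroll method is gated by this polkit action id.
ENROLL_ACTION = "net.reactivated.fprint.device.enroll"
# Implicit authorization values that let a caller proceed with no prompt.
NO_AUTH = {"yes"}

# Constructed policy fragment (not copied from the fprintd package).
WEAK_POLICY = """<policyconfig>
  <action id="net.reactivated.fprint.device.enroll">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""

# Same fragment with an assumed stricter value: the active-session user
# must re-enter their own password before enrolling a finger.
HARDENED_POLICY = WEAK_POLICY.replace(
    "<allow_active>yes</allow_active>",
    "<allow_active>auth_self</allow_active>")


def enroll_findings(policy_xml, action_id=ENROLL_ACTION):
    """Return the session classes allowed to run the action unauthenticated.

    Only values declared explicitly in <defaults> are reported.
    """
    root = ET.fromstring(policy_xml)
    for action in root.iter("action"):
        if action.get("id") != action_id:
            continue
        defaults = action.find("defaults")
        declared = list(defaults) if defaults is not None else []
        return sorted(
            el.tag for el in declared
            if el.tag.startswith("allow_")
            and (el.text or "").strip() in NO_AUTH)
    raise LookupError(f"action {action_id} not found in policy")


if __name__ == "__main__":
    for name, xml in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        hits = enroll_findings(xml)
        print(name, "-> unauthenticated enroll for:", hits or "nobody")
```

The check covers only the defaults shipped in the policy file; local polkit rules on the machine can override them and need a separate review.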
