** Changed in: fprintd (Ubuntu)
Status: Fix Released => In Progress
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to fprintd in Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
Status in fprintd:
Invalid
Status in fprintd package in Ubuntu:
In Progress
Bug description:
For some reason, fprintd-enroll does not require any special authorization to
run.
This means that anyone coming across or stealing a machine with it
installed and which is currently logged in and for which fingerprints
are enabled for sudo authentication can elevate their access to
superuser by simply running fprintd-enroll and scanning their own
fingers. A subsequent sudo command will then give the new user
access.
Even if sudo access is not granted through fingerprints, a thief could
get continued access to someone's account (for subsequent logging in)
if they can enroll new fingerprints without re-authenticating as the
original user.
This seems a security threat.
ProblemType: Bug
DistroRelease: Ubuntu 15.10
Package: fprintd 0.6.0-1
ProcVersionSignature: Ubuntu 4.2.0-23.28-generic 4.2.6
Uname: Linux 4.2.0-23-generic x86_64
ApportVersion: 2.19.1-0ubuntu5
Architecture: amd64
CurrentDesktop: Unity
Date: Fri Jan 8 11:35:02 2016
EcryptfsInUse: Yes
InstallationDate: Installed on 2015-12-18 (21 days ago)
InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021)
SourcePackage: fprintd
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/fprintd/+bug/1532264/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
