> Hey, root can do everything and with sudo you're providing root > privileges to the process > you're invoking.
I can enroll my fingerprint and update the database _without_ sudo or under root. So any user not knowing my pam password can update my fingerprint. When he then invokes a pam-program which uses pam-fprintd.so (e.g. sudo, su) he can enroll _his_ fingerprint and pass authentication.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ fprint mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/fprint
