Control: tags -1 + security

Hi,

looping in the Debian security team as I consider this a security-sensitive issue, simply to make them aware of it.
We do have an upstream issue now but no CVE number ttbomk.

Regards,
Michael

On 17.01.25 at 13:48, Michael Biebl wrote:
Control: forwarded -1 https://github.com/polkit-org/polkit/issues/545

Hi,

thanks for your bug report. I can confirm/reproduce this issue. So I've forwarded it to upstream accordingly.

On 17.01.25 at 11:23, li ar wrote:

Package: polkitd
Version: 122-3
Severity: important
File: polkit
X-Debbugs-Cc: [email protected]

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

Hello, I'm using LMDE6 (Linux Mint based on Debian 12).

When, as a normal user, I call a command that requires root privileges on the command line, instead of getting rejected, I'm asked for root/sudo password. I think the tool used to do that is polkit. That's why I post here.

When I enter my (correct) password, but then DO NOT validate it by hitting return, then let the login/sudo TIMEOUT trigger, then my actual password gets copy-pasted on the command line!!!!

When I use "sudo" directly, there is no timeout, thus it does not happen.

Example:

```
[✘] user@localmachine:~$ service ollama stop
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ==== ## <- I think it is polkit/pkexec that's called here?
Authentication is required to stop 'ollama.service'.
Authenticating as: USER,,, (user)
Password: Failed to stop ollama.service: Connection timed out ## <- I just wait for timeout here
See system logs and 'systemctl status ollama.service' for details.
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
[✘] user@localmachine:~$ MyPassw0rd! ## My password is pasted on the CLI!!!!
```
