subject:"Bug#869922\: policykit\-1\: members of group sudo become root with pkexec while ignoring \/etc\/sudoers"

Bug#869922: [Pkg-utopia-maintainers] Bug#869922: policykit-1: members of group sudo become root with pkexec while ignoring /etc/sudoers

2017-07-27 Thread Simon McVittie

On Thu, 27 Jul 2017 at 18:00:27 +0200, Michael Biebl wrote: > Granting root-like access via group sudo is intended and not a security > hole and the policykit policy is in line with the sudo policy here. This is also as documented in base-passwd, which is the central authority on what the predefin

Bug#869922: [Pkg-utopia-maintainers] Bug#869922: policykit-1: members of group sudo become root with pkexec while ignoring /etc/sudoers

2017-07-27 Thread Michael Biebl

Control: severity -1 normal Control: close -1 Am 27.07.2017 um 17:53 schrieb mviereck: > Package: policykit-1 > Version: 0.105-18 > Severity: grave > Tags: security > Justification: user security hole > > Dear Maintainer, > > If an unprivileged user is member of group sudo, he can achieve unrestr

Bug#869922: policykit-1: members of group sudo become root with pkexec while ignoring /etc/sudoers

2017-07-27 Thread mviereck

Package: policykit-1 Version: 0.105-18 Severity: grave Tags: security Justification: user security hole Dear Maintainer, If an unprivileged user is member of group sudo, he can achieve unrestricted root privileges with pkexec and his user password (instead of root password). This happens regard