All fixes accepted into edgy-proposed. Please proceed to testing now. ** Changed in: gnome-system-tools (Ubuntu Edgy) Status: In Progress => Fix Committed
** Description changed: Binary package hint: gnome-system-tools - On my edgy system, the tools bundled within gnome-system-tools can be launched without entering a password. Even by a user that shoult not be allowed to run it. Once launched, it still performs well, modifying the system without ANY check. + On my edgy system, the tools bundled within gnome-system-tools can be launched without entering a password. Even by a user that should not be allowed to run it. Once launched, it still performs well, modifying the system without ANY check. I am not sure that nothing is wrong with my system has it has been updated from dapper (from breezy). My /etc/sudoers looks like a default one : Defaults !lecture,tty_tickets,!fqdn root ALL=(ALL) ALL %admin ALL=(ALL) ALL The binaries are not setuid, the UI run normally as a simple user. pitti: This should be fixed in Edgy, too, since it allows malicious programs (even things like a firefox plugin) to modify system settings. edgy-proposed debdiffs attached, explanations of patches are in comment 41 and 42. ** Tags added: verification-needed -- Admin tools require admin group membership https://launchpad.net/bugs/59946 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs