All fixes accepted into edgy-proposed. Please proceed to testing now.
** Changed in: gnome-system-tools (Ubuntu Edgy)
Status: In Progress => Fix Committed
** Description changed:
Binary package hint: gnome-system-tools
- On my edgy system, the tools bundled within gnome-system-tools can be
launched without entering a password. Even by a user that shoult not be allowed
to run it. Once launched, it still performs well, modifying the system without
ANY check.
+ On my edgy system, the tools bundled within gnome-system-tools can be
launched without entering a password. Even by a user that should not be allowed
to run it. Once launched, it still performs well, modifying the system without
ANY check.
I am not sure that nothing is wrong with my system has it has been updated
from dapper (from breezy).
My /etc/sudoers looks like a default one :
Defaults !lecture,tty_tickets,!fqdn
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
The binaries are not setuid, the UI run normally as a simple user.
pitti: This should be fixed in Edgy, too, since it allows malicious
programs (even things like a firefox plugin) to modify system settings.
edgy-proposed debdiffs attached, explanations of patches are in comment
41 and 42.
** Tags added: verification-needed
--
Admin tools require admin group membership
https://launchpad.net/bugs/59946
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
