I've reviewed this as well ( disclaimer: I am a friend of Kerin ) and I have to agree: this looks like a bad design decision. PolicyKit needs to have some way of synchronizing with system administrator privileges or there are just too many cooks in the kitchen. This is a classic example of lack of unity in design that Linux tends to suffer from. If PolicyKit has the ability to grant root access to users then it needs to behave like every other program that does so (like sudo). It should work through PAM just like everything else.
-- Exploitable to gain root access with non-priveleged user https://bugs.launchpad.net/bugs/358086 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
