Assuming that there is no root account is fine; however, it seems
patently obvious that the best (and most foolproof, failsafe, and
otherwise appropriate) method for checking the user's root privileges is
to -not- have the application setuid as root by default and launch
policykit through gksu(do) like many/most of the other administrative
applications.  Let me point out that this restriction would in no way
hamper any functionality that already exists in gnome-policykit, while
simultaneously increasing security significantly.

Yes, my concern is also that the users and groups tool allows non-root
users to edit - and consequently assume - root access without needing to
go through my system's inherent security measures.

I understand that a "stock" system - out of box - will not be affected
since the default user both has sudo privileges and policykit rights.
However, it is folly to let the user's security depend on such arbitrary
factors - the scenario in which one sets up a machine for another
person, creates an administrator account, and then disables sudo for the
initial account comes to mind.  The solution I propose would account for
this perfectly.

-- 
Exploitable to gain root access with non-privileged user
https://bugs.launchpad.net/bugs/358086