*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Jamie Strandboge
(jdstrand):
Binary package hint: policykit
policykit password dialogs are insecure as they have the ability of being
overlapped by another window opening. For example, a dialog is
presented, nautilus presents another window due to inserting a disk. Your
password is now shown in the bottom right of the nautilus window as if
you were searching for a filename within the window. Your password is
presented to anyone watching in cleartext.
Expecting: In 8.04 we had consistency. All password prompts in the GUI
used gksudo which grayed out the rest of the screen blocking any
interference from other apps. We have lost that security and introduced
inconsistencies in the way of entering a password meaning anyone could
write a program asking for a password and a user would not know.
Policykit also asks for a password for each administrative utility
(unlike gksudo which remembered that you used it for ~15 min).
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: policykit (not installed)
ProcVersionSignature: Ubuntu 2.6.32-24.42-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic i686
Architecture: i386
Date: Sat Sep 4 09:54:47 2010
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Release Candidate i386
(20100419.1)
ProcEnviron:
LANGUAGE=en_US:en_CA:en
LANG=en_US.utf8
SHELL=/bin/bash
SourcePackage: policykit
** Affects: policykit (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug i386 lucid
--
policykit password dialog is insecure
https://bugs.edge.launchpad.net/bugs/630226