Well, I think at a minimum it's consistency issue. Both 'Login Screen' and 'Users and Groups' (maybe others, not known at this time) offer up an administrators name and allow a (verified) password to perform administrative duties while others like 'Synaptics' offer password entry but ultimately fail because the user doesn't really have sufficient permissions (rights) to perform said tasks. Worst case it's a security issue because regardless of password confidentiality (or strength) a user is (potentially) being given rights they actually do not have. How sally obtained the password is irrelevant, she's not supposed to get admin privileges.
-- privilege escalation https://bugs.launchpad.net/bugs/681685 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
