This is by design. The policykit-desktop-privileges package contains a
policykit file that allows administrative users to do so:
from
/var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla:
[Setting the clock]
Identity=unix-group:admin;unix-group:sudo
Action=org.gnome.clockapplet.mechanism.*;org.gnome.controlcenter.datetime.config
ure;org.kde.kcontrol.kcmclock.save
ResultActive=yes
** Information type changed from Private Security to Public
** Changed in: unity
Status: New => Invalid
** Changed in: gnome-control-center (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1219337
Title:
Users can change the clock without authenticating, allowing them to
locally exploit sudo.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinnamon-desktop/+bug/1219337/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
