Thanks for taking the time to report your issue. In this case, the tools
you're highlighting do not use sudo, but instead use policykit-1 to
verify privileges. In order to require the root password instead of your
user's password to operate those utilities, you'll need to modify your
policykit configuration to do so. Specifically, you'll need to override
the configuration in
/etc/polkit-1/localauthority.conf.d/51-ubuntu-admin.conf; you can do
this by creating a conf file that begins with a higher number in
/etc/polkit-1/localauthority.conf.d/ (e.g. 60-local-admin.conf).
Copying the contents of
/etc/polkit-1/localauthority.conf.d/50-localauthority.conf into it
(specifically setting 'AdminIdentities=unix-user:0') will cause
policykit to require the root password when authenticating for
administrative privileges.

You can verify this by using pkexec as well as the other tools you
listed above; e.g. "pkexec date" should require the root password after
changing your configuration.

And of course, you'll want to be careful making changes to your
policykit configuration, as you could be creating a security exposure
for yourself.

** Package changed: sudo (Ubuntu) => policykit-1 (Ubuntu)
** Changed in: policykit-1 (Ubuntu)
Status: New => Invalid
** Information type changed from Private Security to Public
https://bugs.launchpad.net/bugs/1643931
Title:
Security problem with Super User Authorization
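
A check for the override described in the message above, as an added example that is not part of the original reply or of policykit itself: it reports which file's AdminIdentities setting wins in a localauthority.conf.d directory. It assumes the files carry the key under a `[Configuration]` group and are applied in lexical order; the function names and the sample directory contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints "FILE: VALUE" for the AdminIdentities setting that wins
# in directory $1. Files are applied in lexical order, so the last *.conf that
# sets the key inside [Configuration] decides. Fails if no file sets it.
effective_admin_identities() (
    LC_ALL=C; export LC_ALL            # bytewise ordering for the glob
    winner=""
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        val=$(awk '
            /^[ \t]*\[/ { cfg = ($0 ~ /^[ \t]*\[Configuration\][ \t]*$/); next }
            cfg && /^[ \t]*AdminIdentities[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]*$/, ""); v = $0
            }
            END { print v }' "$f")
        if [ -n "$val" ]; then winner="${f##*/}: $val"; fi
    done
    [ -n "$winner" ] && printf '%s\n' "$winner"
)

# Succeeds only when root (uid 0) is the sole administrator identity.
root_only_admin() {
    case $(effective_admin_identities "$1") in
        *": unix-user:0") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample directory using the file names from the message.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '[Configuration]\nAdminIdentities=unix-user:0\n' \
        > "$d/50-localauthority.conf"
    printf '[Configuration]\nAdminIdentities=unix-group:sudo;unix-group:admin\n' \
        > "$d/51-ubuntu-admin.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
effective_admin_identities "$sample"      # 51-ubuntu-admin.conf wins
printf '[Configuration]\nAdminIdentities=unix-user:0\n' \
    > "$sample/60-local-admin.conf"
effective_admin_identities "$sample"      # 60-local-admin.conf now wins
rm -rf "$sample"
```

On a real system, point `effective_admin_identities` at /etc/polkit-1/localauthority.conf.d before and after adding the override, then confirm the behaviour with "pkexec date" as the message suggests.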