Mh, ok... I didn't think much about this as that was something possible using gnome-control-center UI or just dbus-calls.
In fact gnome-contrl-center doesn't require any unlocking operation for setting the fingerprints, by default. However pfrintd already supports policykit correctly, so IMHO we can be safe in shipping also that binary, the only important needed action for us is to patch the file 'net.reactivated.fprint.device.policy' so that the allow_active is set to auth_self_keep instead of yes (auth_self would be more restrictive, but prompting the password again during the enroll process isn't nice). By doing that both fprintd-enroll and fprintd-delete will just require an user authentication, such as gnome-control-center. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1532264 Title: fprintd allows unauthorized root access To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fprintd/+bug/1532264/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
