I think I may have found it.... It looks like policykit has some rules
with entries like:
```
subject.isInGroup("sudo")
```
That's ... broken. Just being in the `sudo` group should *NOT* let me
install software or elevate my privileges, *ESPECIALLY* if the user
isn't actually in the sudoers. It's a broken assumption.
I changed the /etc/sudoers file so the `sudo` group does *NOT* have
permissions explicitly for this reason.
--
https://bugs.launchpad.net/bugs/1850977
Title:
Snap installs software without user having sudo access
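Added example, not part of the original message and not policykit's own code: a small audit check that lists groups named in `subject.isInGroup(...)` polkit rules that have no active `%group` entry in sudoers text. The sample rule and sudoers contents are constructed, and the check is simplified: it skips only whole-line `//` comments and does not follow sudoers include directives or aliases.

```python
import re

# subject.isInGroup("name") as written in polkit JavaScript rules
POLKIT_GROUP_RE = re.compile(r"""subject\.isInGroup\(\s*["']([^"']+)["']\s*\)""")
# An active sudoers group entry, e.g. "%admin ALL=(ALL) ALL"
SUDOERS_GROUP_RE = re.compile(r"^[ \t]*%([^\s=]+)[ \t]+\S", re.MULTILINE)

# Constructed sample inputs, not taken from a real system.
SAMPLE_RULES = '''\
polkit.addRule(function(action, subject) {
    if (subject.isInGroup("sudo")) {
        return polkit.Result.AUTH_SELF;
    }
});
// if (subject.isInGroup("wheel")) { return polkit.Result.YES; }
'''
SAMPLE_SUDOERS = '''\
root    ALL=(ALL:ALL) ALL
%admin  ALL=(ALL) ALL
# %sudo ALL=(ALL:ALL) ALL
'''

def polkit_groups(rules_text):
    """Groups referenced by isInGroup() outside whole-line // comments."""
    groups = set()
    for line in rules_text.splitlines():
        if line.lstrip().startswith("//"):
            continue
        groups.update(POLKIT_GROUP_RE.findall(line))
    return groups

def sudoers_groups(sudoers_text):
    """Groups with an active (uncommented) %group entry in sudoers text."""
    return set(SUDOERS_GROUP_RE.findall(sudoers_text))

def mismatched_groups(rules_text, sudoers_text):
    """Groups that polkit rules test for but sudoers does not grant."""
    return sorted(polkit_groups(rules_text) - sudoers_groups(sudoers_text))

if __name__ == "__main__":
    for group in mismatched_groups(SAMPLE_RULES, SAMPLE_SUDOERS):
        print(f"polkit rule checks group {group!r}, which has no sudoers entry")
```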