tag 606092 patch
thanks
On Mo, 2010-12-06 at 11:44 +0100, Julian Andres Klode wrote:
> Package: packagekit
> Severity: important
>
> PackageKit should not allow ordinary users to upgrade the system,
> or do anything that modifies it, with the only exception being
> maybe package list updates.
>
> It should only allow users with admin permission to do this.
The attached patch makes it more secure, it also requires admin
permission for package list updates.
--
Julian Andres Klode - Debian Developer, Ubuntu Member
See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/.
--- a/policy/org.freedesktop.packagekit.policy.in
+++ b/policy/org.freedesktop.packagekit.policy.in
@@ -93,7 +93,7 @@
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin</allow_active>
</defaults>
</action>
@@ -131,7 +131,7 @@
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin</allow_active>
</defaults>
</action>
@@ -178,7 +178,7 @@
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin</allow_active>
</defaults>
</action>
@@ -193,7 +193,7 @@
<defaults>
<allow_any>no</allow_any>
<allow_inactive>no</allow_inactive>
- <allow_active>yes</allow_active>
+ <allow_active>auth_admin</allow_active>
</defaults>
</action>
