[Bug 1219337] Re: Users can change the clock without authenticating, allowing them to locally exploit sudo.

Marc Deslauriers Tue, 03 Sep 2013 10:11:42 -0700

This is by design. The policykit-desktop-privileges package contains a
policykit file that allows administrative users to do so:


from
/var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla:

[Setting the clock]
Identity=unix-group:admin;unix-group:sudo
Action=org.gnome.clockapplet.mechanism.*;org.gnome.controlcenter.datetime.config
ure;org.kde.kcontrol.kcmclock.save
ResultActive=yes


** Information type changed from Private Security to Public

** Changed in: unity
       Status: New => Invalid

** Changed in: gnome-control-center (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/1219337

Title:
  Users can change the clock without authenticating, allowing them to
  locally exploit sudo.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinnamon-desktop/+bug/1219337/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs

[Bug 1219337] Re: Users can change the clock without authenticating, allowing them to locally exploit sudo.

Reply via email to