Only administrators can change the local time without authenticating.
Regular non-administrative users cannot. This allows administrative
users travelling with laptops to change the timezone without getting an
authentication prompt.
Your attack vector assumes that an administrative user is going to leave
an open session unattended. If that is the case, there are a whole slew
of attacks that are possible, and don't require changing the date. For
example, creating scripts in ~/bin that are higher in the path then
system binaries.
If you have administrative users that are leaving session unlocked, you
have a more serious security issue than being able to change the time.
Since your local security policy is different than what is shipped in a
general purpose operating system, I suggest:
1- Requiring your administrative users to lock their workstation when they are
left unattended.
2- Requiring your administrative users to use "sudo -k" to forcibly invalidate
cached credentials.
3- Removing the policykit-desktop-privileges package, or overriding the policy
with a local one.
4- Disabling ntp, or setting up ntp authentication.
5- Setting a firmware password on local machines.
** Changed in: gnome-control-center (Ubuntu)
Status: New => Opinion
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/1219337
Title:
Users can change the clock without authenticating, allowing them to
locally exploit sudo.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cinnamon-desktop/+bug/1219337/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
