My bank uses double identification (website + mobile app). When the
mobile app asks for a pin to confirm a payment, it displays the payment
information. So I know that the confirmation request comes from the
payment I just initiated, and that it's not a random window that pops up
from nowhere.
I think the Authentication Dialog should work the same way, displaying
information from the originating application, something like:
The application "foo bar" is requesting authentication for
"doing this and that".
For example:
==================================
Authentication request
The application "Software Update" is requesting authentication for
"installing gnome-maps, gnome-photos, gnome-foo, gnome-bar"
Please enter...
Password: [_____________]
==================================
If the explanation string starts to be long,
there could be a summary string,
and a longuer one in a collapsable container (or alike)
For example:
==================================
Authentication request
The application "Software Update" is requesting authentication for
"installing gnome-maps, gnome-photos, gnome-foo, gnome-bar" and more...
[v ### //see more// ########################################]
Please enter...
Password: [_____________]
==================================
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to policykit-1 in Ubuntu.
https://bugs.launchpad.net/bugs/1451398
Title:
too few information on Authentication Dialog
Status in policykit-1 package in Ubuntu:
Confirmed
Status in policykit-1-gnome package in Ubuntu:
Confirmed
Bug description:
The "Authentication required" dialog gives really too few information
about what requested it.
This happens for example for bug reports for system programs, but not only.
The question has also been asked, for example here:
http://unix.stackexchange.com/questions/87288/how-do-i-tell-what-program-is-asking-for-a-password
We have no clue where the dialog comes from.
Especially as sometimes there is a delay between some action and the
time when the dialog pops up, so it may seems it comes from nowhere.
Also as the dialog uses a different theme (dark theme) compared to the
application that may have triggered the dialog.
I am no security expert, but I see this as a security vulnerability. I
basically trust my system, but still I feel insecure typing my admin
password in a window that pops up "randomly".
What grants the origin of this dialog box?
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: policykit-1 0.105-8ubuntu2
Uname: Linux 4.1.0-040100rc1-generic i686
ApportVersion: 2.17.2-0ubuntu1
Architecture: i386
CurrentDesktop: GNOME
Date: Mon May 4 12:24:27 2015
InstallationDate: Installed on 2014-06-17 (320 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release i386 (20140417)
JournalErrors: Error: command ['journalctl', '-b', '--priority', 'warning']
failed with exit code 1: No journal files were found.
SourcePackage: policykit-1
UpgradeStatus: Upgraded to vivid on 2015-04-27 (6 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/policykit-1/+bug/1451398/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
