Le mercredi 29 novembre 2006 à 20:19 +0000, Kurt a écrit :

> Considering this, it is really a great security risk that the admin
> tools do not check the password because if the admin user gets
> compromised, one can easily add a new user, log in as this one and do
> everything.
The admin user already has to be compromised. And if that happen
gnome-system-tools will probably not be the only problem you will have
then

> This should be fixed as soon as possible. I know that edgy is not
> considered as stable as dapper, but it is considered stable. Many people
> are not aware that edgy does not have the same stability and that the
> edgy release does probably have more security holes than dapper.

edgy is not a LTS but it's rather stable too

> Maybe it might be the time for a discussion if a third branch between
> the unstable and the stable one, probably something like testing in
> Debian, might be useful to prevent the users who want a really stable
> and secure system from using the releases like edgy because at this
> point edgy can really not be considerated stabe and secure.

Are you making that from that only bug? Adding complexity to the system
will not prevent bugs to happen. All the versions of Ubuntu are meant to
be stable and secure and I don't think that calling edgy unsecure is a
fair statement. Using those tools require to be logged with an user from
the admin group. Right asking for the password again is better, if
somebody can connect with your admin user you already a problem though

-- 
Admin tools require admin group membership
https://launchpad.net/bugs/59946

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to