On Wed, Nov 29, 2006 at 10:14:46PM -0000, Sebastien Bacher wrote: > Are you making that from that only bug? Adding complexity to the system > will not prevent bugs to happen. All the versions of Ubuntu are meant to > be stable and secure and I don't think that calling edgy unsecure is a > fair statement. Using those tools require to be logged with an user from > the admin group. Right asking for the password again is better, if > somebody can connect with your admin user you already a problem though
Verifying the user's identity with password authentication is an important safeguard; we explicitly do not use NOPASSWD in sudoers for this reason, and the lack of a check in Edgy is a regression. The security team are discussing potential ways to address this. -- - mdz -- Admin tools require admin group membership https://launchpad.net/bugs/59946 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
