** Description changed:
Binary package hint: gnome-system-tools
On my edgy system, the tools bundled within gnome-system-tools can be
launched without entering a password. Even by a user that shoult not be allowed
to run it. Once launched, it still performs well, modifying the system without
ANY check.
I am not sure that nothing is wrong with my system has it has been updated
from dapper (from breezy).
My /etc/sudoers looks like a default one :
Defaults !lecture,tty_tickets,!fqdn
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
The binaries are not setuid, the UI run normally as a simple user.
+
+ pitti: This should be fixed in Edgy, too, since it allows malicious
+ programs (even things like a firefox plugin) to modify system settings.
+ edgy-proposed debdiffs attached, explanations of patches are in comment
+ 41 and 42.
--
Admin tools require admin group membership
https://launchpad.net/bugs/59946
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
