Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Author Message
sx9Offline
Post subject: polkit bug???  PostPosted: 20.09.2011, 16:10



Joined: 2010-09-12
Posts: 219
Location: Wiesbaden,Germany
Status: Offline
[Please have a look at the attached picture for reference]

Why is it possible, that I can use the login of any user to authenticate for actions limited to the root account?

After I enter the password for the user test for example, PackageKit installs the package without any request.
And that user doesn't have ever even seen or heard about the privileges of the root user!

So I ask you: How is this possible?



polkit-bug-small.png
 Description:
 Filesize:  505.79 KB
 Viewed:  3475 Time(s)

polkit-bug-small.png



_________________
My new self-made computer:
Intel Core i7-2600k
ASUS Maximus IV Gene-Z (Mainboard)
2x4GB DDR3 RAM
ATI Radeon HD 6770
OCZ Vertex 3 60GB (SSD)
Western Digital Caviar Green WD20EARX 2TB (HDD)
...
aptosid x86_64
 
 View user's profile Send private message Send e-mail Yahoo Messenger  
Reply with quote Back to top
hubiOffline
Post subject: Re: polkit bug, WTF???  PostPosted: 20.09.2011, 17:20
Moderator


Joined: 2010-09-11
Posts: 228
Location: Vienna (AT)
Status: Offline
      sx9 wrote:
[Please have a look at the attached picture for reference

After having booked an appointment with my optician I might be able to comment. I also don't have CSI tools.

In the meantime: I can't see anything what you were doing.

hubi

_________________
Tilos Rádió Budapest
 
 View user's profile Send private message Send e-mail  
Reply with quote Back to top
sx9Offline
Post subject:   PostPosted: 20.09.2011, 19:44



Joined: 2010-09-12
Posts: 219
Location: Wiesbaden,Germany
Status: Offline
I just wanted to install something via PackageKit.
But the polkit authentification service doesn't ask me for the root password anymore independent of what I want to do (installing a package, killing a process [ksysguard]).
Instead of that it asks for a user authentification!

_________________
My new self-made computer:
Intel Core i7-2600k
ASUS Maximus IV Gene-Z (Mainboard)
2x4GB DDR3 RAM
ATI Radeon HD 6770
OCZ Vertex 3 60GB (SSD)
Western Digital Caviar Green WD20EARX 2TB (HDD)
...
aptosid x86_64
 
 View user's profile Send private message Send e-mail Yahoo Messenger  
Reply with quote Back to top
sx9Offline
Post subject:   PostPosted: 20.09.2011, 19:49



Joined: 2010-09-12
Posts: 219
Location: Wiesbaden,Germany
Status: Offline
In addition, the message displayed by polkit is totally wrong, because gperiodic is from a trusted source, but that has less importance to me than the risk that anybody can access root rights over another user if I am logged in.

_________________
My new self-made computer:
Intel Core i7-2600k
ASUS Maximus IV Gene-Z (Mainboard)
2x4GB DDR3 RAM
ATI Radeon HD 6770
OCZ Vertex 3 60GB (SSD)
Western Digital Caviar Green WD20EARX 2TB (HDD)
...
aptosid x86_64
 
 View user's profile Send private message Send e-mail Yahoo Messenger  
Reply with quote Back to top
hubiOffline
Post subject:   PostPosted: 20.09.2011, 22:07
Moderator


Joined: 2010-09-11
Posts: 228
Location: Vienna (AT)
Status: Offline
I checked it. A default installation of packagekit offers me only one option: entering the root password. I cannot reproduce your situation.

hubi

_________________
Tilos Rádió Budapest
 
 View user's profile Send private message Send e-mail  
Reply with quote Back to top
sx9Offline
Post subject:   PostPosted: 21.09.2011, 17:58



Joined: 2010-09-12
Posts: 219
Location: Wiesbaden,Germany
Status: Offline
I had reinstalled polkit a time ago, because it only accepted the password "default" and not the real root password.
Can I fix this somehow?

_________________
My new self-made computer:
Intel Core i7-2600k
ASUS Maximus IV Gene-Z (Mainboard)
2x4GB DDR3 RAM
ATI Radeon HD 6770
OCZ Vertex 3 60GB (SSD)
Western Digital Caviar Green WD20EARX 2TB (HDD)
...
aptosid x86_64
 
 View user's profile Send private message Send e-mail Yahoo Messenger  
Reply with quote Back to top
Display posts from previous:     
Jump to:  
All times are GMT - 12 Hours
Post new topic   Reply to topic
View previous topic Printable version Log in to check your private messages View next topic
Powered by Zafenio