https://bugzilla.novell.com/show_bug.cgi?id=688267

https://bugzilla.novell.com/show_bug.cgi?id=688267#c9

Robert Davies <rob.opensuse.linux@googlemail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rob.opensuse.linux@googlemail.com

--- Comment #9 from Robert Davies <rob.opensuse.linux@googlemail.com> 2011-07-06 12:23:09 UTC ---

I received this after returning from locked (blank) screen saver on i686, Tumbleweed install.

System policies prevent you from getting the brighness level.

An application is attempting to perform an action that requires privileges.
Authentication is req'd ..

Password for root:

[ ] Remember authorization

Application :
Action: Get brighness
Vendor: KDE
polkit.subject.pid: 3226
polkit.caller.pid: 3971

ladm@oak:~> ps aux |grep 3971
root 3971 0.0 0.7 38152 7428 ? Sl 11:37 0:00 /usr/lib/kde4/libexec/backlighthelper

This popup authorisation should BE REMOVED, for security reasons it is very VERY misguided to have low level software be capable of asking for "authentication" at some random point. The purpose of authentication in features like login, su or kdesu, is to prove that you have "root access", the program already has the privileges.

This ridiculous request for root pass for backlighthelper, will encourage social engineering pass collection attacks via popups, as well as infuriate end users, worse than Windows UAC (there a confirmation click on screen dim, is all that's required)!

Issues like this should be handled by an error pop up, if the privileges of a "helper" program are insufficient for it to operate, it's a configuration error.

The bug "remembering authorisation" ought not to be fixed, but the root pass Authentication, ought only be possible for programs that are setuid or have gained privileged capabilities, and wish to verify the end user's right.

There's a design error in the way polkit is implemented it seems, think LWN had an article a while back too on similar problems in Fedora, polkit introduction.