https://bugzilla.novell.com/show_bug.cgi?id=734829

https://bugzilla.novell.com/show_bug.cgi?id=734829#c7

e j <e.johnson.phd@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |e.johnson.phd@gmail.com
           Platform|Other                       |x86-64
           Severity|Normal                      |Major

--- Comment #7 from e j <e.johnson.phd@gmail.com> 2012-10-04 19:29:52 UTC ---
Like to confirm this bug, which is persistent throughout openSUSE 11x 12x and running KDE 4x (still present in Suse 12.1, KDE 4.9). This is also a serious security issue as inactive sessions are not properly locked.

Please refer also to related bug reports: Bug 298712, 295381, 294712
https://bugs.kde.org/show_bug.cgi?id=298712
https://bugs.kde.org/show_bug.cgi?id=295381
https://bugs.kde.org/show_bug.cgi?id=294712

Excerpt from: https://bugs.kde.org/show_bug.cgi?id=298712

--- Comment #9 from Oliver Henshaw <yoho_ahoy@hotmail.com> ---
(In reply to comment #8)
Would greatly appreciate if anyone can make sense of this.
/usr/share/polkit-1/org.freedesktop.upower.policy
[...]
  <action id="org.freedesktop.upower.suspend">
    <description>Suspend the system</description>
[...]
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>

This is what I have in fedora.
var/lib/polkit-1/org.freedesktop.upower.suspend.pkla
[org.freedesktop.upower.suspend]
Identity=unix-group:*
Action=org.freedesktop.upower.suspend
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=yes
This looks like the immediate cause of the problem. ResultInactive=auth_admin means that it will ask for a root password from an active local (and specifically not remote) session, if I understand correctly. This doesn't make any sense to me, since how can someone not in front of the computer enter a root password?

Is this a system provided file or one you've created/edited yourself? You can check with 'rpm -qf FILE' and then 'rpm -qV PACKAGE'. If it does come from openSUSE, could you file a bug asking whether "ResultInactive=auth_admin" makes any sense.

That said, I think powerdevil is handling this badly too. I think this was caused by commit 2606ff0045470d360a2ad4ad8aeb2819f653676f - an attempt to fix an issue that was probably better fixed by commit d30b646dd83b81f750d786dab08a91dba7c49f3a - if I'm reading this right, Powerdevil attempts to autosuspend the system even when the session is inactive. Normally polkit disallows this and no harm is done. But on your system it brings up a root dialogue on the inactive session, and obviously an inactive session will idle out before an active one.

The third problem is that a root dialogue on the inactive session might be annoying but it shouldn't block polkit-allowed actions in the active session. I can't see any reason why powerdevil should be to blame for this, but maybe someone more familiar with the code might: for now I'm going to blame polkit.
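Added example, not part of either bug comment and not polkit, KDE or openSUSE code: a Python check that compares a .pkla local override with the defaults in the shipped .policy file, the mismatch the quoted comment points to. The inputs are constructed from the two excerpts above; the function names are hypothetical, the <policyconfig> wrapper is supplied only to make the excerpt well-formed, and only exact action ids in Action= are matched.

```python
import configparser
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the two excerpts quoted in the comment.
POLICY_XML = """<policyconfig>
  <action id="org.freedesktop.upower.suspend">
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>"""
PKLA = """[org.freedesktop.upower.suspend]
Identity=unix-group:*
Action=org.freedesktop.upower.suspend
ResultAny=auth_admin
ResultInactive=auth_admin
ResultActive=yes
"""
# .pkla key -> matching <defaults> element in the .policy file
KEYS = {"ResultAny": "allow_any", "ResultInactive": "allow_inactive",
        "ResultActive": "allow_active"}

def vendor_defaults(policy_xml):
    """Map action id -> {allow_*: value} from a polkit .policy document."""
    return {a.get("id"): {e.tag: (e.text or "").strip() for e in a.iterfind("defaults/*")}
            for a in ET.fromstring(policy_xml).iter("action")}

def pkla_overrides(pkla_text, policy_xml):
    """Return (section, action, key, shipped, local) where the .pkla differs."""
    defaults = vendor_defaults(policy_xml)
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case: ResultInactive, not resultinactive
    cp.read_string(pkla_text)
    findings = []
    for section in cp.sections():
        # Action= is a ';'-separated list; globs are skipped (assumption of this sketch).
        for action in cp[section].get("Action", "").split(";"):
            vendor = defaults.get(action.strip())
            if vendor is None:
                continue
            for key, tag in KEYS.items():
                local, shipped = cp[section].get(key), vendor.get(tag, "(unset)")
                if local is not None and local != shipped:
                    findings.append((section, action.strip(), key, shipped, local))
    return findings

if __name__ == "__main__":
    print(*pkla_overrides(PKLA, POLICY_XML), sep="\n")
```

On the constructed input this reports ResultAny and ResultInactive as differing from the shipped defaults, while ResultActive matches.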