https://bugzilla.suse.com/show_bug.cgi?id=1215590

Bug ID: 1215590
Summary: Showing the "Authentication Required" root prompt not immediately after clicking "Install" or "Update" in GNOME software is possibly fundamentally insecure
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.5
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: el@horse64.org
QA Contact: qa-bugs@suse.de
Target Milestone: ---
Found By: ---
Blocker: ---

Showing the "Authentication Required" root prompt not immediately after clicking "Install" or "Update" in GNOME software seems to me like it is fundamentally insecure, and I would argue it destroys all security benefits this prompt might possibly bring.

The problem is that you're essentially training the user to just consent to this prompt no matter what horrible malicious actor might be showing it, since it contains zero information allowing the user to verify it was triggered by a legitimate source. I also can't think of any way you could possibly provide that information, since even if you showed the process id and name, another process could just name itself "gnome-software" and the user isn't going to remember the process id.

As a consequence, the only somewhat reliable mechanism the user has for verifying that this prompt is legitimate and not a bad actor is that the prompt showed right after they triggered an action that is actually intended. This however appears to be destroyed by delaying this prompt until the download or whatever preparation steps are complete, rather than showing it as instantly as possible after clicking the "Install" or "Update" button in GNOME software. (Because I assume nobody will be just keeping the GNOME software window open and staring at it to check that the prompt happened right after some progress bar reached 100%; at least I certainly don't.)

--
You are receiving this mail because: You are on the CC list for the bug.