[Bug 216796] New: able to run programs using the root account without the right password
https://bugzilla.novell.com/show_bug.cgi?id=216796

           Summary: able to run programs using the root account without the
                    right password
           Product: openSUSE 10.2
           Version: Beta 1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: KDE
        AssignedTo: kde-maintainers@suse.de
        ReportedBy: yez@familieschepers.nl
         QAContact: qa@suse.de

Hi,

On a previous beta1 installation, I got the message "conversation with su failed" when I rmb on the time and "Adjust Date & Time" and entered the password.

This installation, the first time I have to provide a correct password. But when I close the dialog, and select "Adjust Date & Time" again, an empty password will open the dialog.

Also then, I'm able to start yast2 in "administrator"-mode without having to apply a correct password.

Regards,
Edwin

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=216796

andreas.hanke@gmx-topmail.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |andreas.hanke@gmx-topmail.de

------- Comment #1 from andreas.hanke@gmx-topmail.de 2006-10-31 16:22 MST -------
This is not a bug. kdesu now uses sudo instead of su for authentication (btw. this caused the other, old, unrelated and long since fixed conversation problem).

Since what you describe is expected behaviour with sudo => not a bug IMHO.

https://bugzilla.novell.com/show_bug.cgi?id=216796

------- Comment #2 from yez@familieschepers.nl 2006-11-01 01:32 MST -------
Hi Andreas,

If it is, then it doesn't seem right to me that I get a popup the 2nd time to provide the root's password. In this popup, it doesn't matter what I fill in, I will get the root access (very confusing).

Moreover, if this is the intended functionality, I would expect a checkbox which says "remember password".

Lastly, it also doesn't seem right to me that I don't have to provide the root's password anymore to get root's access to yast2 if I started (and closed!) the "Adjust Date & Time" before. If I don't close the "Adjust Date & Time", I'll have to provide a correct password to yast2.

Regards,
Edwin

https://bugzilla.novell.com/show_bug.cgi?id=216796

stbinner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Normal                      |Major
            Summary|able to run programs using  |kdesu asks for root password even if not
                   |the root account without the|required
                   |right password              |

------- Comment #3 from stbinner@novell.com 2006-11-07 09:44 MST -------
The password is only not required for 5 minutes unless overridden otherwise in /etc/sudoers.

https://bugzilla.novell.com/show_bug.cgi?id=216796

------- Comment #4 from yez@familieschepers.nl 2006-11-08 13:51 MST -------
Hello Stephan,

The new subject ("kdesu asks for root password even if not required") is a concern, but I'm more concerned about the buggy functionality described in the 3rd paragraph of my comment.

Moreover, it doesn't seem right to me that an ignorant user gets root's access by default of a program (in this case yast2) if he/she left another app (adjust date&time) with root's access.

https://bugzilla.novell.com/show_bug.cgi?id=216796

------- Comment #5 from coolo@novell.com 2006-11-09 01:41 MST -------
If you're concerned about this, then deinstall sudo. KDE only offers a wrapper around that functionality.

https://bugzilla.novell.com/show_bug.cgi?id=216796

rwalter@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rwalter@novell.com

------- Comment #6 from rwalter@novell.com 2007-01-04 02:14 MST -------
I was about to file a similar bug report because I find it very worrying that I can start YaST as root without it prompting for the password. I think this is a security risk.

In the past I haven't worried about letting someone here at home borrow my desktop for a few mins if not connected to SUSE because I knew they couldn't do anything dangerous. When this person doesn't know how to use a command line, I also don't have to worry about the fact that my user is allowed to use sudo. But now you are telling me that if I've used YaST recently or anything else requiring root access I do have to worry. And nothing warned me of this.

I consider this a significant change of behavior that both is unexpected and without warning.

https://bugzilla.novell.com/show_bug.cgi?id=216796

marcel@hilzinger.hu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|kdesu asks for root password|unexpected kdesu behaviour with sudo (no
                   |even if not required        |password required)

https://bugzilla.novell.com/show_bug.cgi?id=216796

marcel@hilzinger.hu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |marcel@hilzinger.hu

------- Comment #7 from marcel@hilzinger.hu 2007-01-08 02:51 MST -------
I completely agree with Rebecca: To make such a fundamental change without any documentation is a bad idea. Consider adding this to the release notes, if there will be a new version.

Furthermore: sudo should not survive a logout/login. But with the actual setup you can still start YaST without the root password after logout/login from KDE.

https://bugzilla.novell.com/show_bug.cgi?id=216796

stbinner@novell.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alpha096@tpg.com.au

------- Comment #9 from stbinner@novell.com 2007-05-06 04:01 MST -------
*** Bug 271738 has been marked as a duplicate of this bug. ***
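
Added example, not part of the bug thread and not code from sudo or KDE: a small audit of the setting comment #3 refers to, reporting how long sudo (and therefore the kdesu wrapper) keeps accepting requests after one successful password prompt. It assumes the 5 minute default stated in comment #3, reads only global `Defaults` lines, and uses constructed sample files.

```shell
#!/bin/sh
# Report how long sudo caches a successful authentication according to the
# global "Defaults" lines of a sudoers file. Includes and scoped entries
# (Defaults:user, Defaults@host, ...) are deliberately not evaluated.

# effective_timeout FILE -> prints the global timestamp_timeout in minutes.
# Falls back to 5, the default quoted in comment #3 (assumption from the thread).
effective_timeout() {
    awk '
        BEGIN { t = 5 }
        $1 == "Defaults" {
            line = $0
            sub(/#.*/, "", line)                       # drop trailing comment
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, ",")
            for (i = 1; i <= n; i++) {
                o = opts[i]
                gsub(/[ \t]/, "", o)
                if (o ~ /^timestamp_timeout=/) {       # a later line overrides an earlier one
                    sub(/^timestamp_timeout=/, "", o)
                    t = o
                }
            }
        }
        END { print t }
    ' "$1"
}

# audit_sudoers FILE -> one-line verdict for the effective timeout.
audit_sudoers() {
    t=$(effective_timeout "$1")
    case "$t" in
        0|0.0) echo "ok: every sudo call prompts for the password" ;;
        -*)    echo "weak: cached authentication does not expire on a timer" ;;
        *)     echo "weak: no password needed for $t min after a successful prompt" ;;
    esac
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d)
printf 'root ALL=(ALL) ALL\n' > "$tmp/unset"
printf 'Defaults env_reset, timestamp_timeout=0  # always ask\n' > "$tmp/hardened"
printf 'Defaults timestamp_timeout=0\nDefaults:alice timestamp_timeout=30\nDefaults timestamp_timeout=15\n' > "$tmp/override"

for f in unset hardened override; do
    printf '%s: %s\n' "$f" "$(audit_sudoers "$tmp/$f")"
done
```

`Defaults timestamp_timeout=0` is the setting that makes every privileged launch prompt again. For the logout case raised in comment #7, `sudo -k` invalidates the cached authentication immediately and can be called from a session logout script.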