http://bugzilla.novell.com/show_bug.cgi?id=601782 http://bugzilla.novell.com/show_bug.cgi?id=601782#c0 Summary: Update Applet - su/root password always needed (illogical default entry in policy kid?) Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: i686 OS/Version: openSUSE 11.2 Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Martin.Seidler@web.de QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9 I. 1. I have a problem with my "Update Applet 2.28.0" in GNOME (The same in KDE 4.3.5). It occurs when I want to make the applet do one or more suggested update(s). It always asks me for the password of superuser/root: "Authenticate : Authentication is required to update packages. [...]". I think under my installation before (11.1 maybe updated from an older version) I could tell the automatic/semi automatic updater to remember the su password (in YaST or in the authentication dialog?). 2. It is also a documentation bug: In the help manual on my computer (and in the internet) there is the possibility to make the updater remember the password via policy kit: ("Access to all privileged operations is controlled via PolicyKit." See: GNOME Documentation Library : gnome-packagekit Manual : Introduction) II. That policy make no sense: 1. The necessarily to use the root password should be reserved to actions you should think about twice and not to normal (security) updates. 2. The default policies are just contradictorily to the possible risk: 2. 1.They allow (by default) the root/someone with a root password 2.1.1 to tell the system to update complete automatically (without any human thinking or intentional acting) 2.1.2 to give (in KDE) a normal user access to the hole graphical operating system setup and configuration tool (/sbin/yast2). 2.2. But they allow not the automatic updater to remember the root password. (With a change in the policies the root may be able to change that?) 2.2. In contrast to that in my knowledge: 2.2.. The GNOME "Update Applet 2.28.0" (and the KDE equivalent) can only install the suggested updates (or not, if access to the cosing is given to that) so the risk is lower. 2.3. But by default you cannot tell the updater to save the root password. Reproducible: Always Steps to Reproduce: 1. Wait for an suggested automatic update. 2. Click on the red star with "!" 3. Click on "install updates" Actual Results: The Update Applet asks for the root password every time. Expected Results: To the user the choice/alternative the choice should be given to save the root password for the Update Applet (so it is not needed in the next case). http://www.novell.com/documentation/opensuse111/opensuse111_security/data/se... http://www.novell.com/documentation/opensuse111/opensuse111_security/?page=/... http://hal.freedesktop.org/docs/PolicyKit/ -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.