On Thu, Jul 31, 2014 at 08:57:29AM -0400, Anton Aylward wrote:
On 07/31/2014 08:50 AM, Marcus Meissner wrote:
On Thu, Jul 31, 2014 at 08:42:36AM -0400, James Rome wrote:
The Plasma Software Update desktop tool on 13.1 never asks for a password when it updates everything. Isn't this a security violation?
We configured it that installing the openSUSE supplied online updates is possible without a root password.
All other software operations (installing packages, removing packages, etc) should ask for the administrator password.
... Depending on how your system is configured. Please pay attention to how sudo is set up and the files in /etc/pam.d, and/all of which may allow operations for select users without asking for the root password.
The KDE Plasma updater is not using sudo, but calls packagekit which asks policykit in turn. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org