https://bugzilla.novell.com/show_bug.cgi?id=688267
https://bugzilla.novell.com/show_bug.cgi?id=688267#c9
Robert Davies changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |rob.opensuse.linux@googlemail.com
--- Comment #9 from Robert Davies 2011-07-06 12:23:09 UTC ---
I received this after returning from locked (blank) screen saver on i686,
Tumbleweed install.
System policies prevent you from getting the brighness level.
An application is attempting to perform an action that requires
privileges. Authentication is req'd ..
Password for root:
[ ] Remember authorization
Application :
Action: Get brighness
Vendor: KDE
polkit.subject.pid: 3226
polkit.caller.pid: 3971
ladm@oak:~> ps aux |grep 3971
root 3971 0.0 0.7 38152 7428 ? Sl 11:37 0:00 /usr/lib/kde4/libexec/backlighthelper
This popup authorisation should BE REMOVED, for security reasons it is very
VERY misguided to have low level software be capable of asking for
"authentication" at some random point.
The purpose of authentication in features like login, su or kdesu, is to prove
that you have "root access", the program already has the privileges. This
ridiculous request for root pass for backlighthelper will encourage social
engineering pass collection attacks via popups, as well as infuriate end users,
worse than Windows UAC (there a confirmation click on screen dim is all that's
required)!
Issues like this should be handled by an error pop up; if the
privileges of a "helper" program are insufficient for it to operate, it's a
configuration error. The bug "remembering authorisation" ought not to be fixed,
but the root pass Authentication ought only be possible for programs that are
setuid or have gained privileged capabilities, and wish to verify the end user's
right.
There's a design error in the way polkit is implemented it seems, think LWN had an
article a while back too on similar problems in Fedora, polkit introduction.