Mailinglist Archive: opensuse-security (19 mails)

< Previous Next >
Re: [opensuse-security] Software Updater never asks for password
On Thu, Jul 31, 2014 at 08:57:29AM -0400, Anton Aylward wrote:
On 07/31/2014 08:50 AM, Marcus Meissner wrote:
On Thu, Jul 31, 2014 at 08:42:36AM -0400, James Rome wrote:
The Plasma Software Update desktop tool on 13.1 never asks for a
password when it updates everything. Isn't this a security violation?

We configured it that installing the openSUSE supplied online updates
is possible without a root password.

All other software operations (installing packages, removing packages, etc)
should ask for the administrator password.

... Depending on how your system is configured.
Please pay attention to how sudo is set up and the files in /etc/pam.d,
and/all of which may allow operations for select users without asking
for the root password.

The KDE Plasma updater is not using sudo, but calls packagekit which asks
in turn.

Ciao, Marcus
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups