update manager no longer asking for password in 11.10 -

Ioannis Vranos ioannis.vranos at gmail.com
Fri Oct 21 16:51:23 UTC 2011


On Fri, Oct 21, 2011 at 3:03 PM, Alan Pope <alan at popey.com> wrote:
> On 20 October 2011 08:47, Ants Pants <antsmailinglist at gmail.com> wrote:
>> I've Googled and seen this bug submissions for this (update manager no
>> longer asking for password in 11.10) but I have this problem too.
>> Anyone else having problems with this? This is a big security hole.
>
> Ok, I have spoken to Matthew Pitt who committed the change. I asked
> what the rationale behind it was and where it was discussed. He
> indicated that the recommendation to allow updates to
> already-installed packages came from the Security Team. I contacted
> Marc Deslauriers from the Ubuntu Security Team about it and here's his
> response.
>
> "The rationale was to make Ubuntu more secure by making security
> updates easier to apply. If you're in the admin group, you already
> have access to do so, the password prompt was an irritant that made
> most people just press cancel instead of actually installing the
> updates."
>
> "malware cannot install additional software or anything. if malware
> wants to install your security updates, I say go for it :)"
>
> "it can easily be disabled by a sysadmin by creating a policykit file,
> or simply by creating users that aren't in the admin group"
>
> "there's another reason why we're doing it, we are trying to reduce
> the number of password prompt that appear to user. so a password
> prompt will make them stop and think about what they're doing, getting
> a password prompt every single day for updates means people aren't
> thinking about it anymore"
>
> There's a brief line about it in the Security Team FAQ:-
>
>  https://wiki.ubuntu.com/SecurityTeam/FAQ#Update_Manager_doesn.27t_prompt_for_security_updates
>
> In closing Marc suggested that anyone who wants to discuss this can
> join #ubuntu-hardened on IRC and chat with the team there.


These are OK, however my question is, with this authentication
mechanism (I think it is the "policykit" you are mentioning), having
us in its admin group, can a binary (trojan or virus) create its own
policykit cinfiguration files, without a password prompt?



-- 
Ioannis Vranos

http://www.cpp-software.net




More information about the ubuntu-users mailing list