update-manager not asking for authentication in Oneiric Beta

Amedee Van Gasse amedee-ubuntu at amedee.be
Fri Sep 16 12:04:49 UTC 2011


On Thu, September 15, 2011 23:44, NoOp wrote:
> On 09/15/2011 01:47 AM, Colin Law wrote:
>> I would be interested on comments on this bug ([Oneiric]
>> update-manager installs packages without authentication)
>> https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/814331
>>
>> To summarise, in Oneiric Beta when an administrator user install
>> upgrades he/she is not asked to authenticate.  The bug is marked as
>> won't fix even though it is (as far as I can see) a change from
>> previous operation.
>>
>> I am interested in this from two points of view
>>
>> 1. Should update manager ask for authentication?
>>
>> 2. I thought that one of the principles of Linux that makes it much
>> less open to attack is that one cannot write to system areas of disk
>> without authentication.  How is it then that update manager is able to
>> do this (whether by accident or design) without authentication?
>>
>> Colin
>>
>
> I prefer UM asking for the password each time. That said, this seems to
> be more like when someone has enabled UM to automatically install secure
> updates (another 'feature' I don't necessarily agree with for various
> reasons).

I see a difference between real and perceived security. Having to enter
your password all the time may actually decrease security in some cases.
But I find it hard to explain what I mean in a language that is not my
native language.





More information about the ubuntu-users mailing list