Your message dated Tue, 18 Jul 2006 21:07:50 -0300
with message-id <[EMAIL PROTECTED]>
and subject line Bug#378727: gksudo: remembering password circumvents admin's
policy in sudoers
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: gksu
Version: 1.9.1-2
Severity: minor
gksudo should not offer to remember the user's password (particularly
not in the keyring). If the local administrator wanted the user to be
able to run the command without typing a password, he would have used
NOPASSWD: in /etc/sudoers. Thus, this feature violates local security
policy, making it a security risk, and it should be removed.
(This bug probably deserves to be forwarded upstream and handled
there.)
--Ken Bloom
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-rc6-1ken
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages gksu depends on:
ii gnome-keyring 0.4.9-1 GNOME keyring services (daemon and
ii libatk1.0-0 1.12.1-1 The ATK accessibility toolkit
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libcairo2 1.2.0-3 The Cairo 2D vector graphics libra
ii libfontconfig1 2.3.2-7 generic font configuration library
ii libgconf2-4 2.14.0-1 GNOME configuration database syste
ii libgksu2-0 1.9.5-1 library providing su and sudo func
ii libglib2.0-0 2.10.3-3 The GLib library of C routines
ii libgnome-keyring0 0.4.9-1 GNOME keyring services library
ii libgtk2.0-0 2.8.18-1 The GTK+ graphical user interface
ii liborbit2 1:2.14.0-2 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.12.3-1 Layout and rendering of internatio
ii libstartup-notification0 0.8-1 library for program launch feedbac
ii libx11-6 2:1.0.0-7 X11 client-side library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxfixes3 1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii sudo 1.6.8p12-4 Provide limited super user privile
gksu recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Em Tue, 18 Jul 2006 10:15:04 -0500
Ken Bloom <[EMAIL PROTECTED]> escreveu:
> gksudo should not offer to remember the user's password (particularly
> not in the keyring). If the local administrator wanted the user to be
> able to run the command without typing a password, he would have used
> NOPASSWD: in /etc/sudoers. Thus, this feature violates local security
> policy, making it a security risk, and it should be removed.
>
> (This bug probably deserves to be forwarded upstream and handled
> there.)
Hey, upstream here =D
This was a bug in libgksu2-0, which was fixed in yesterday's upload
(showing up today in mirrors). gksudo was not really remembering the
password, it was simply misdisplaying the gnome-keyring checkboxes.
See you,
--
Gustavo Noronha Silva <[EMAIL PROTECTED]>
http://people.debian.org/~kov/
--- End Message ---
