Subject: When the "rootpw" option is activated in sudoers file, gksudo still ask for user's passwors. Package: gksu Version: 2.0.2-5 Severity: important
When the "rootpw" option is activated in sudoers file, gksudo still ask for user's passwors. It makes the administrator believe that only the root password can modify the system whereas any sudo user's password can do that. The security failure is obvious. -- System Information: Debian Release: 6.0.7 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gksu depends on: ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra ii libfontconfig1 2.8.0-2.1 generic font configuration library ii libfreetype6 2.4.2-2.1+squeeze4 FreeType 2 font engine, shared lib ii libgconf2-4 2.28.1-6 GNOME configuration database syste ii libgksu2-0 2.0.13~pre1-3 library providing su and sudo func ii libglib2.0-0 2.24.2-1 The GLib library of C routines ii libgnome-keyring0 2.30.1-1 GNOME keyring services library ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface ii libpango1.0-0 1.28.3-1+squeeze2 Layout and rendering of internatio ii libstartup-notificat 0.10-1 library for program launch feedbac ii sudo 1.7.4p4-2.squeeze.4 Provide limited super user privile Versions of packages gksu recommends: ii gnome-keyring 2.30.3-5 GNOME keyring services (daemon and gksu suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org