This is by DESIGN?
Your design is that any user can change the time, and therefore bypass the 
security of sudo? 
What's the justification for not having the user enter a password to change the 
time? Convenience?

Marc, with all due respect, did you even read the bug?

"If you disable the sudo password for your account, you will seriously
compromise the security of your computer. Anyone sitting at your
unattended, logged in account will have complete Root access, and remote
exploits become much easier for malicious crackers."

This policy kit change adds a single condition: That the user has used
sudo to escalate at some point, and it creates /exactly/ the same
conditions.

I'm going to re-open this just to be sure. It seems incredible that
Ubuntu would intentionally let people bypass security like that.

-- 
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to gnome-control-center in Ubuntu.
https://bugs.launchpad.net/bugs/1219337

Title:
  Users can change the clock without authenticating, allowing them to
  locally exploit sudo.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinnamon-desktop/+bug/1219337/+subscriptions

-- 
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
