** Changed in: fprintd (Ubuntu) Status: Confirmed => Fix Released
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to fprintd in Ubuntu. https://bugs.launchpad.net/bugs/1532264 Title: fprintd allows unauthorized root access Status in fprintd: Invalid Status in fprintd package in Ubuntu: Fix Released Bug description: For some reason, fprintd-enroll does not require any special authorization to run. This means that anyone coming across or stealing a machine with it installed and which is currently logged in and for which fingerprints are enabled for sudo authentication can elevate their access to superuser by simply running fprintd-enroll and scanning their own fingers. A subsequent sudo command will then give the new user access. Even if sudo access is not granted through fingerprints, a thief could get continued access to someone's account (for subsequent logging in) if they can enroll new fingerprints without re-authenticating as the original user. This seems a security threat. ProblemType: Bug DistroRelease: Ubuntu 15.10 Package: fprintd 0.6.0-1 ProcVersionSignature: Ubuntu 4.2.0-23.28-generic 4.2.6 Uname: Linux 4.2.0-23-generic x86_64 ApportVersion: 2.19.1-0ubuntu5 Architecture: amd64 CurrentDesktop: Unity Date: Fri Jan 8 11:35:02 2016 EcryptfsInUse: Yes InstallationDate: Installed on 2015-12-18 (21 days ago) InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64 (20151021) SourcePackage: fprintd UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/fprintd/+bug/1532264/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp