[Bug 196451] [NEW] alacarte crashed with TypeError in on_item_tree_cursor_changed()

Thu, 28 Feb 2008 02:30:45 -0800 

*** This bug is a duplicate of bug 175602 ***
    https://bugs.launchpad.net/bugs/175602

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: alacarte

Hardy amd64

wanted to check the program associated with 'manage user and groups' by
viewing the properties from main-menu. During this the application
crashed.

Program is 'users-admin' and contains a security bug:

it ignores the setting in sudoers, where I have configured to use the
'target-password' instead of insecure 'user-password'. Here the line in
'sudoers:

Defaults       !lecture,tty_tickets,!fqdn,targetpw,timestamp_timeout = 0

This definitely is a severe security issue, because it is absolutely useless to 
ask a user a second time for his password to gain administrative rights (he 
already logged in with the same PW).
I set up a genguine root-account, so I can use a simple password to comfortably 
log-in as a user, while the root-account is protected by a strong password. 
This password should be used to gain administrative rights!

ProblemType: Crash
Architecture: amd64
Date: Thu Feb 28 11:03:37 2008
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/alacarte
InterpreterPath: /usr/bin/python2.5
NonfreeKernelModules: nvidia
Package: alacarte 0.11.4-0ubuntu1
PackageArchitecture: all
ProcCmdline: /usr/bin/python -OOt /usr/bin/alacarte
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
PythonArgs: ['/usr/bin/alacarte']
SourcePackage: alacarte
Title: alacarte crashed with TypeError in on_item_tree_cursor_changed()
Traceback:
 Traceback (most recent call last):
   File "/usr/lib/python2.5/site-packages/Alacarte/MainWindow.py", line 437, in 
on_item_tree_cursor_changed
     item = items[iter][3]
 TypeError: could not parse subscript as a tree path
Uname: Linux 2.6.24-8-generic x86_64
UserGroups: adm admin audio cdrom dialout dip flohostnamey lpadmin netdev 
plugdev powerdev scanner uml-net vboxusers video

** Affects: alacarte (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-crash

-- 
alacarte crashed with TypeError in on_item_tree_cursor_changed()
https://bugs.launchpad.net/bugs/196451
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to