Hi Matt, I propose to fix this bug in Edgy.
Bug: https://launchpad.net/bugs/59946 Impact: - user's password is not checked when starting a g-s-t application - allows malicious software (trojan horses, etc.) to silently modify system configuration - depends on 'admin' group presense and default semantics Patch: (same for edgy and feisty) - run g-s-t frontends through gksu - only allow root to connect to s-t-b dbus interface - detailed explanation of the patches: https://launchpad.net/distros/ubuntu/edgy/+source/gnome-system-tools/+bug/59946/comments/41 https://launchpad.net/distros/ubuntu/edgy/+source/gnome-system-tools/+bug/59946/comments/42 - debdiffs for edgy-proposed: http://librarian.launchpad.net/5247800/gnome-system-tools.edgy.diff http://librarian.launchpad.net/5247805/system-tools-backends.edgy.diff Thanks, pitti -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org In a world without walls and fences, who needs Windows and Gates? ** Changed in: gnome-system-tools (Ubuntu Edgy) Status: In Progress => Fix Committed -- Admin tools require admin group membership https://launchpad.net/bugs/59946 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
