> There's a fine balance between security and usability, and not everyone is comfortable with the same level of security. As I've mentioned before, it is trivial to modify the defaults to achieve the level of security that is appropriate for your environment.
If that's the case, why are you defaulting to a level that Debian, Fedora, Mint, and Windows all feel is too lax? Why not let the very few users who need this, change it to be less secure? Based on my discussions, it seems that this is actually a *sudo* bug, since it uses the non-monotonic clock, rather than using other system features. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1219337 Title: Users can change the clock without authenticating, allowing them to locally exploit sudo. To manage notifications about this bug go to: https://bugs.launchpad.net/cinnamon-desktop/+bug/1219337/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
