As you can see reading this old bug, the polkit rule fix is known, and
I've been working upstream to address this.

However, as you can see [1], that simple change was not enough.
In fact, as you can read in this documentation [2], the polkit method that we
call to check if a user is allowed to run a command is run synchronously, and
this may lead fprintd to hang and stop doing other operations (that can be both
in the driver or for other requests coming from other users).

So, while the workaround can be acceptable in a single-user and
single-request scenario, it could end up having problems in case the OS
tries to do other requests to the fingerprint daemon while it's blocked.

A situation could be that if you start the enrollment process and for
some reason you don't complete it within the auto-screen-lock time, then
you may end up freezing your system.

Or in any other case... Fprintd is meant to be called by multiple
applications other than the OS (even if right now very few use it), but
ideally a browser or an application may request you to use your
fingerprint, and that could happen while the daemon is hanging, causing
unexpected behavior.

That said, as you can see, the fix is merged and released in the latest
fprintd version that I'm currently packaging and will soon backport to
20.04, so even if with some delay, we're handling this. Properly,
finally.

[1] https://gitlab.freedesktop.org/libfprint/fprintd/-/merge_requests/74
[2] https://www.freedesktop.org/software/polkit/docs/latest/PolkitAuthority.html#polkit-authority-check-authorization-sync

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264

Title:
  fprintd allows unauthorized root access

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
