using sudo in "Run Application" (Alt+F2) does not prompt for password
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-panel (Ubuntu) |
Invalid
|
Low
|
Ubuntu Desktop Bugs |
Bug Description
Binary package hint: gnome
I saw that this bug was previously invalidated, but it IS a valid bug.
When using Run Application (Alt+F2) you can run commands with sudo using no password. I have used sudo -k and sudo -K to try and clear sudo timestamp, and I can STILL sudo using Alt+F2 without a password.
Even after logging out (by changing runlevel), logging back in, and then trying it without any previous sudos, it still works. This is in 8.04 Hardy Heron, by the way. Gnome version is 2.20.2.2.
Here is a step by step of what I did:
Sudoed in the terminal - but it hadn't been for a long while. The timestamp was probably expired.
By mistake, I hit Alt+F2. I wanted to switch to runlevel 1 to install some NVIDIA drivers. In the run dialog, I typed sudo init 1.
System dropped to runlevel 1 without asking for a password.
I installed drivers, ran init 5 at the root terminal.
Logged back in, DID NOT USE SUDO, and, as a test, ran a sudo command in the run dialog (Alt+F2). I actually used sudo nautilus, which, as I thought, opened nautilus which defaulted to root's home and once again did not ask for a password.
To test this further, I logged out yet again, logged back in, ran sudo -k and sudo -K to try and kill sudo entirely, and I was still allowed to sudo via Alt+F2. Fortunately, I discovered that this did not occur on my laptop, also running 8.04, on a cold boot.
I am not able to reproduce this on up to date Hardy.