restart by unauthorized user after updates

Bug #363269 reported by Alexander van Hoorn
256
Affects Status Importance Assigned to Milestone
update-notifier (Ubuntu)
Fix Released
Low
Unassigned

Bug Description

I have two users on this system, Alexander (primary) and Troep (privileges: defaults for a new user, except for automatic access to external storage devices).

As Alexander, I used 'sudo apt-get upgrade' to install updates; this included some updates for compiz. While installing, I switched to user Troep. Apparently the updates had now finished installing, so I got a dialog box saying something about compiz needing a reboot. I clicked "restart now" to confirm it was really possible to reboot the computer. This was possible without further authorization, even though Alexander was still logged in.

Normally, Troep is not and should not be able restart the system while Alexander is still logged in, but this dialog allowed it anyway.

I have not yet tried to reproduce this.
Visual effects has been set to (none) for both users.
Using Ubuntu 9.04 Jaunty (beta).

visibility: private → public
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I can reproduce this on jaunty.

affects: ubuntu → update-notifier (Ubuntu)
Changed in update-notifier (Ubuntu):
status: New → Confirmed
Changed in update-notifier (Ubuntu):
importance: Undecided → Low
Revision history for this message
Michael Vogt (mvo) wrote :

This is fixed in karmic with the new gnome-session and gdm2. It now asks for policykit confirmation if multiple users are logged in. Only then is a shutdown possible.

Changed in update-notifier (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.