alacarte crashed with TypeError in on_item_tree_cursor_changed()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
alacarte (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: alacarte
Hardy amd64
wanted to check the program associated with 'manage user and groups' by viewing the properties from main-menu. During this the application crashed.
Program is 'users-admin' and contains a security bug:
it ignores the setting in sudoers, where I have configured to use the 'target-password' instead of insecure 'user-password'. Here the line in 'sudoers:
Defaults !lecture,
This definitely is a severe security issue, because it is absolutely useless to ask a user a second time for his password to gain administrative rights (he already logged in with the same PW).
I set up a genguine root-account, so I can use a simple password to comfortably log-in as a user, while the root-account is protected by a strong password. This password should be used to gain administrative rights!
ProblemType: Crash
Architecture: amd64
Date: Thu Feb 28 11:03:37 2008
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/alacarte
InterpreterPath: /usr/bin/python2.5
NonfreeKernelMo
Package: alacarte 0.11.4-0ubuntu1
PackageArchitec
ProcCmdline: /usr/bin/python -OOt /usr/bin/alacarte
ProcEnviron:
PATH=/
LANG=de_DE.UTF-8
SHELL=/bin/bash
PythonArgs: ['/usr/
SourcePackage: alacarte
Title: alacarte crashed with TypeError in on_item_
Traceback:
Traceback (most recent call last):
File "/usr/lib/
item = items[iter][3]
TypeError: could not parse subscript as a tree path
Uname: Linux 2.6.24-8-generic x86_64
UserGroups: adm admin audio cdrom dialout dip flohostnamey lpadmin netdev plugdev powerdev scanner uml-net vboxusers video