policykit introduction broke unix user groups
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnome-system-tools (Ubuntu) |
Won't Fix
|
Low
|
Unassigned | ||
network-manager (Ubuntu) |
Won't Fix
|
Low
|
Unassigned | ||
policykit (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
policykit-1 (Ubuntu) |
Won't Fix
|
Low
|
Unassigned | ||
ubuntu-meta (Ubuntu) |
Invalid
|
Low
|
Unassigned | ||
Bug Description
I have set up a number of user accounts. On one of these accounts I adjusted the user privileges (System-
* Connect to Internet using a modem
* Connect to wireless and ethernet networks
However, despite disabling access to the internet, the user is still able to connect to the internet through a wireless connection.
I am assuming that this is a security vulnerability, because the intention is to deny access and this doesn't occur.
I am using Ubuntu 8.10
----
Policykit has been introduced without supporting the unix groups. (used by admins and set up by the installer)
i.e. It is possible to create a policy that just said "yes" rather than "auth_*" where the default was "no", for anyone in the netdev group
so theiy could do it without a password.
-> we should ship PolicyKit config files that make use of these groups.
Changed in policykit: | |
assignee: | mdeslaur → nobody |
status: | Incomplete → Confirmed |
Changed in gnome-system-tools (Ubuntu): | |
importance: | Undecided → Low |
Changed in ubuntu-meta (Ubuntu): | |
status: | New → Invalid |
Changed in network-manager (Ubuntu): | |
status: | New → Confirmed |
Changed in policykit-1 (Ubuntu): | |
status: | New → Confirmed |
Changed in network-manager (Ubuntu): | |
importance: | Undecided → Low |
Changed in policykit-1 (Ubuntu): | |
importance: | Undecided → Low |
summary: |
- User Privileges ignored + user:group privileges ignored |
summary: |
- user:group privileges ignored + policykit breaking unix user/group privileges |
description: | updated |
tags: | added: regression |
summary: |
- policykit breaking unix user/group privileges + policykit introduction broke unix user/group privileges |
Changed in policykit-1 (Ubuntu): | |
status: | Invalid → Confirmed |
summary: |
- policykit introduction broke unix user/group privileges + policykit introduction broke unix user groups |
Did you try logging out and logging back in with that user when you tried it?