Comment 37 for bug 59946
Revision history for this message
| Matt Zimmerman (mdz) wrote Re: [Bug 59946] Re: Admin tools require admin group membership | #37 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
On Wed, Nov 29, 2006 at 10:14:46PM -0000, Sebastien Bacher wrote:
> Are you making that from that only bug? Adding complexity to the system
> will not prevent bugs to happen. All the versions of Ubuntu are meant to
> be stable and secure and I don't think that calling edgy unsecure is a
> fair statement. Using those tools require to be logged with an user from
> the admin group. Right asking for the password again is better, if
> somebody can connect with your admin user you already a problem though
Verifying the user's identity with password authentication is an important
safeguard; we explicitly do not use NOPASSWD in sudoers for this reason, and
the lack of a check in Edgy is a regression. The security team are
discussing potential ways to address this.
--
- mdz