too few information on Authentication Dialog
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
policykit-1 (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned | ||
policykit-1-gnome (Ubuntu) |
Confirmed
|
Wishlist
|
Unassigned |
Bug Description
The "Authentication required" dialog gives really too few information about what requested it.
This happens for example for bug reports for system programs, but not only.
The question has also been asked, for example here:
http://
We have no clue where the dialog comes from.
Especially as sometimes there is a delay between some action and the time when the dialog pops up, so it may seems it comes from nowhere.
Also as the dialog uses a different theme (dark theme) compared to the application that may have triggered the dialog.
I am no security expert, but I see this as a security vulnerability. I basically trust my system, but still I feel insecure typing my admin password in a window that pops up "randomly".
What grants the origin of this dialog box?
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: policykit-1 0.105-8ubuntu2
Uname: Linux 4.1.0-040100rc1
ApportVersion: 2.17.2-0ubuntu1
Architecture: i386
CurrentDesktop: GNOME
Date: Mon May 4 12:24:27 2015
InstallationDate: Installed on 2014-06-17 (320 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release i386 (20140417)
JournalErrors: Error: command ['journalctl', '-b', '--priority', 'warning'] failed with exit code 1: No journal files were found.
SourcePackage: policykit-1
UpgradeStatus: Upgraded to vivid on 2015-04-27 (6 days ago)
information type: | Private Security → Public Security |
Changed in policykit-1 (Ubuntu): | |
status: | New → Confirmed |
Changed in policykit-1-gnome (Ubuntu): | |
status: | New → Confirmed |
Changed in policykit-1 (Ubuntu): | |
importance: | Undecided → Wishlist |
Changed in policykit-1-gnome (Ubuntu): | |
importance: | Undecided → Wishlist |
Additionally,
it seems that the dialog is blocking the screen, preventing the user to check other windows
If I cancel the authentication, I am not sure how to restart the action (that triggered the authentication request) later, like for example an automatic bug report...