software updates password remember order wrong

Bug #371019 reported by Aaron Peterson on 2009-05-02
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
policykit-gnome (Ubuntu)
Medium
Unassigned
policykit-kde (Ubuntu)
Medium
Unassigned

Bug Description

Authentication is required to update packages.

"This session only" is safer than "Remember authorization"

the dialog is worded in a way that makes it easy to make the wrong selection-- which is why it's a security vulnerability -- there is no obvious way to change the setting if we got it wrong.

Remeber authorization
    []For this session only
    []always.

is probably how it should be read.

visibility: private → public
Kees Cook (kees) on 2009-05-06
affects: ubuntu → policykit (Ubuntu)
Changed in policykit (Ubuntu):
importance: Undecided → Medium
milestone: none → karmic-alpha-2
status: New → Confirmed
James Westby (james-w) wrote :

Are you using KDE?

I know the bug affects -gnome, but I'm not sure whether it
affects -kde as well.

As the reporter is presumably using packagekit, and so is probably
using KDE, I'm going to confirm the -kde task.

Thanks,

James

affects: policykit (Ubuntu) → policykit-gnome (Ubuntu)
Changed in policykit-kde (Ubuntu):
importance: Undecided → Medium
milestone: none → karmic-alpha-2
status: New → Confirmed

I have a question. Now that it seems that the list appears to have been removed from the window in gnome, (Why is that, by the way?) is this bug still relevant to karmic?

Jonathan Thomas (echidnaman) wrote :

This is fixed for the PolicyKit-1/Polkit-1 frontends, where the option is no longer present.

Changed in policykit-kde (Ubuntu):
status: Confirmed → Fix Released
Changed in policykit-gnome (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers