I managed to perform the command: "sudo apt-get install" without being asked for a password
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
I wanted to install the package "gconf" so i went to a terminal and enterd:
"sudo apt-get install gconf"
I expected a question for a password (as usual) and was really suprised that it didnt ask me but started to download and install the package at once.
I tried the same command a few minutes later (as i just had logged in and though the rights for sudo could have come from there) and it still worked and didnt ask me for a password.
After testing i found also "sudo apt-get remove gconf" working fine without entering a password.
I belive this is a security bug as anyone having physical access to the computer could remove all programs without being asked for a password.
and before anyone asks: I verifyed that i didnt open a root-terminal.
security vulnerability: | yes → no |
just got asked if i entered the sudo-password somewhere else so i answer this question here already: it worked 20min later, too - no sudo-password is activated that long. And i didnt enter any sudo-password - all i did was reporting the bug here and in a forum (www.ubuntu- forum.de) and it worked after that, too.