[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security policy / root passwords

Hi,

Le dimanche 09 juin 2013 à 18:45 +0200, Daniel Pocock a écrit : 
> There have been multiple complaints about the new Gnome popup asking for
> the root password
> 
> I opened a bug for discussion about the issue, but it was closed by
> another DD (not the maintainer) - [1].  Other users have come across the
> bug too and requested attention for it with the same concerns that I have.
> 
> Essentially, my feeling is that users should be encouraged to NEVER put
> their root password into some popup that appears spontaneously on their
> computer.  Having this popup in Debian, by default, desensitizes users
> to the type of popups that will aim to deceive them.

I think there is some big confusion here.

It is not new for GNOME to ask for the root password for actions that
require root permissions. This is done through PolicyKit, which avoids
to run privileged code in the GUI, but which will nevertheless require
to type the root password in an unprivileged process (there is not much
way around that).

What is new is that PackageKit asks for a system update *systematically*
when it finds the system is not up-to-date. I don’t know why, but it
seems to have started with the wheezy release, it did not happen during
the freeze.

I consider it a bug, and one that we should aim to fix in the first
wheezy point release.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'
  `-
Reply to: