check-symbols asks for the sudo password without explaining why

Bug #194622 reported by Scott Kitterman
Affects: ubuntu-dev-tools (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Siegfried Gevatter

Bug Description

Binary package hint: ubuntu-dev-tools

Check symbols asks for the user's password for sudo without explaining why. Before asking for elevated privileges, the script should say what action will be taken if the password is given.

Changed in ubuntu-dev-tools:
importance: Undecided → Wishlist
status: New → Confirmed
Scott Kitterman (kitterman) wrote : Re: [Bug 194622] Re: check-symbols asks for the sudo password without explaining why

I disagree with this being wishlist. From a security perspective this is very
poor U/I. Users shouldn't give the password without knowing why it's needed
and so the current U/I encourages and trains users to poor security habits.
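
An added example, not part of this bug thread or of ubuntu-dev-tools: one way a shell script can state what it will do as root before sudo can prompt for a password. The function name run_privileged is hypothetical, and the page does not show which command check-symbols runs under sudo, so the caller supplies both the reason and the command.

```shell
#!/bin/sh
# Added example (not ubuntu-dev-tools code): explain the privileged action
# before sudo asks for a password. run_privileged is a hypothetical helper.

# run_privileged REASON CMD [ARGS...]
# Prints the reason and the exact command to stderr before any password
# prompt can appear, then runs the command through sudo.
run_privileged() {
    reason=$1
    shift
    if [ "$#" -eq 0 ]; then
        echo "run_privileged: no command given" >&2
        return 2
    fi

    # Already root: sudo would not prompt, so run the command directly.
    if [ "$(id -u)" -eq 0 ]; then
        "$@"
        return
    fi

    # "sudo -n true" succeeds only if no password is needed right now
    # (cached credentials or a NOPASSWD rule). Say so instead of staying silent.
    if sudo -n true 2>/dev/null; then
        echo "Using existing sudo authorisation to run as root: $*" >&2
    else
        echo "Root privileges are needed: $reason" >&2
        echo "If you enter your password, this command runs as root: $*" >&2
    fi

    # -p replaces the bare default prompt; %u expands to the invoking user.
    # "--" stops sudo from treating the command's own options as sudo options.
    sudo -p "[sudo] password for %u (to run the command shown above): " -- "$@"
}

# Usage (the command is a placeholder, chosen by the calling script):
#   run_privileged "a package must be installed to compare symbols" \
#       some-command --with-args
```

The exit status of the privileged command is passed back to the caller, so a script using this helper can still end with a non-zero exit code on error.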

Siegfried Gevatter (rainct) wrote :

This will be fixed with the next ubuntu-dev-tools upload. Thanks for your feedback.

Changed in ubuntu-dev-tools:
assignee: nobody → rainct
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-dev-tools - 0.31

---------------
ubuntu-dev-tools (0.31) intrepid; urgency=low

  [ Siegfried-Angel Gevatter Pujals (RainCT) ]
  * pbuilder-dist.new:
     - Rewrite the script in Python to make it more robust and faster.
  * what-patch:
     - If cdbs-edit-patch is used, output "cdbs (patchsys.mk)" instead of
       just "cdbs" (LP: #195795).
  * check-symbols:
     - Add a brief explanation about why sudo privilegies are required
       in order to run this script (LP: #194622).
     - End with exit code 1 if there's an error.
  * suspicious-source:
     - Whitelist C# files (LP: #225691): *.cs.
     - Whitelist manpages: *.[0-9].

  [ Daniel Hahler ]
  * requestsync:
     - Use debian_bundle.changelog.Version for version comparison in
       debian_changelog.
     - Fix --lp for Firefox 3 (LP: #208808):
       It now tries ~/.lpcookie.txt, ~/.mozilla/*/*/cookies.sqlite and
       ~/.mozilla/*/*/cookies.txt to find a Launchpad cookie file.
       Also added a hint that you can create a valid file, by logging into
       Launchpad with Firefox.
     - Added confirm loops, which displays the message to be send/posted and
       either allows to edit (or forces to, in case of Ubuntu changes).
       (LP: #194613, #194615)
       This adds a convient edit_report method, which gets used both from the
       Launchpad and mail code path.
     - Do not fallback to submitting by email, if posting to Launchpad failed.
       This hasn't been requested and therefore should not get done.
     - post_bug: Catch IOError when setting bug importance (LP: #190061)
     - mail_bug: Catch socket.error (LP: #190739)

  [ Kees Cook ]
  * mk-sbuild-lv
    - don't install recommended packages during chroot install.
    - allow customization of schroot.conf suffix and LV/snapshot sizes.
  * what-patch:
    - restore previous output behavior, added logic to verbose test instead.
    - added details for each patch system report.
  * pull-debian-debdiff:
    - parse .dsc file for required source files.
    - switch to GPLv3
  * debian/control: add Depends needed for pull-debian-debdiff.
  * debian/copyright:
    - updated pull-debian-debdiff, which is now GPLv3.
    - adjusted Copyright lines to make lintian happy.

 -- Kees Cook <email address hidden> Fri, 13 Jun 2008 11:43:24 -0700

Changed in ubuntu-dev-tools:
status: Fix Committed → Fix Released