User account 'remembers' admin password
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kdesudo (Ubuntu) |
Fix Released
|
High
|
Anthony Mercatante |
Bug Description
Some time in the last 24 hours my Kubuntu Gutsy laptop has changed its behaviour such that the user account now has FULL root access to any command or program. It asks for a password the first time you launch a program requiring root access but it then 'remembers' that password for the rest of the session and does not ask again.
For example if after start up I run 'kdesu konqueror' it will ask for my user password. If I then shut down root konqueror and for example start 'kdesu konsole' a console with full root privileges will launch straight away, it will not ask for a password again unless I logoff or reboot. The same applies to any other application requiring admin access such as kcontrol /system admin/system services. I click the 'admin mode' button and admin mode starts straight away without asking for any password.
$ uname -r
2.6.22-9-generic
kubuntu gutsy 64bit
Changed in kdesudo: | |
status: | Confirmed → Triaged |
Further research has led me to find the cause of this behaviour. It is not a duplicate of bug 87023 as suggested by your email, it is a new and extremely serious bug that will compromise any computer affected with it. Its cause is the package 'kdesudo 1.1.0Ubuntu1'. When this package is removed the default behaviour returns and passwords are requested for every instance of root or admin access. This is how it should be. I suggest you look at this package carefully.