Ubuntu
sudo package

update-manager has root privileges after sudo was used

Bug #172695 reported by Bogdan Butnaru
256
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: sudo

I've just noticed something unexpected about sudo.

If I use sudo to run a program, I'm asked for my password. (Normal.) If later I run another program using sudo in the same terminal, I'm not asked again for the password, unless a certain delay has passed. (Normal.) Today, I happened to do that (see commands below), and then I ran update-manager, _without_ sudo. I noticed that update-manager _didn't_ ask for a password, and in fact went on and installed the updates right away. (Strange?)

Unless some recent updates gave update-manager the ability to install things without root privileges, there may be some bug in how sudo works. I suspect update-manager runs sudo to do the installing, and sudo thinks it's the user that did it. This is a security problem, since an unsuspecting user might run (without sudo) a malicious program, which can then get access to elevated privileges.

bogdanb@arioch:~$ sudo gedit /etc/apt/sources.list
[sudo] password for bogdanb:
bogdanb@arioch:~$ sudo aptitude update
Get:1 http://download.tuxfamily.org gutsy Release.gpg [189B]
Ign http://download.tuxfamily.org gutsy/avant-window-navigator Translation-en_US
[snipped lots of messages]
Get:32 http://archive.ubuntu.com gutsy-proposed/multiverse Packages [7570B]
Fetched 382kB in 5s (76.2kB/s)
Reading package lists... Done
bogdanb@arioch:~$ update-manager
[after this I pressed install, and it worked without asking for a password]

Revision history for this message
Roberto Sarrionandia (rbs-tito) wrote :

Thanks for taking the time to report this bug.

This behaviour is by design, sudo doesn't time out for a few minutes. If you want to change this behaviour see http://ubuntuforums.org/showthread.php?p=116697

Changed in sudo:
status: New → Invalid
Revision history for this message
Benjamin Rubin (bnrubin) wrote :

In addition, it should be noted that you should be using gksudo (Gnome) or kdesu (KDE) to run graphical applications as root. See http://psychocats.net/ubuntu/graphicalsudo for more information.

Revision history for this message
Bogdan Butnaru (bogdanb) wrote :

Good point about gksudo. But I'm not sure I understand Roberto's answer:

I know that sudo doesn't time out for a while, and that's OK. I expect to be able to run several apps with sudo and enter the password just once. What concerns me is that this is applied to applications that are _not_ run with sudo. That is, if I run:

$ sudo first-app
[enter password]
$ sudo second-app
[no password]
$ third-app
[no password, of course]

Then I wouldn't expect the third-app to get super-user privileges just because it runs a sub-process with sudo. It should only apply to apps where I manually specify sudo on the command line.

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.