Bug#378727: gksudo: remembering password circumvents admin's policy in sudoers
Ken Bloom
kbloom at gmail.com
Tue Jul 18 15:15:04 UTC 2006
Package: gksu
Version: 1.9.1-2
Severity: minor
gksudo should not offer to remember the user's password (particularly
not in the keyring). If the local administrator wanted the user to be
able to run the command without typing a password, he would have used
NOPASSWD: in /etc/sudoers. Thus, this feature violates local security
policy, making it a security risk, and it should be removed.
(This bug probably deserves to be forwarded upstream and handled
there.)
--Ken Bloom
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-rc6-1ken
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages gksu depends on:
ii gnome-keyring 0.4.9-1 GNOME keyring services (daemon and
ii libatk1.0-0 1.12.1-1 The ATK accessibility toolkit
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libcairo2 1.2.0-3 The Cairo 2D vector graphics libra
ii libfontconfig1 2.3.2-7 generic font configuration library
ii libgconf2-4 2.14.0-1 GNOME configuration database syste
ii libgksu2-0 1.9.5-1 library providing su and sudo func
ii libglib2.0-0 2.10.3-3 The GLib library of C routines
ii libgnome-keyring0 0.4.9-1 GNOME keyring services library
ii libgtk2.0-0 2.8.18-1 The GTK+ graphical user interface
ii liborbit2 1:2.14.0-2 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.12.3-1 Layout and rendering of internatio
ii libstartup-notification0 0.8-1 library for program launch feedbac
ii libx11-6 2:1.0.0-7 X11 client-side library
ii libxcursor1 1.1.5.2-5 X cursor management library
ii libxext6 1:1.0.0-4 X11 miscellaneous extension librar
ii libxfixes3 1:3.0.1.2-4 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.0-5 X11 Input extension library
ii libxinerama1 1:1.0.1-4 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-4 X11 RandR extension library
ii libxrender1 1:0.9.0.2-4 X Rendering Extension client libra
ii sudo 1.6.8p12-4 Provide limited super user privile
gksu recommends no packages.
-- no debconf information
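
Added example, not part of the original report and not code from gksu or sudo: a small Python audit that lists, per user, which sudoers commands the administrator marked NOPASSWD: and which still require a password, i.e. the prompts that a remembered password would silently answer. The sample policy, user names and function names are constructed for illustration; the parser assumes simple one-host user specifications and ignores aliases, Defaults (including any authenticate setting) and inline comments.

```python
import re

# Constructed sample policy for illustration (not taken from the bug report).
SAMPLE_SUDOERS = r"""
# constructed example
Defaults env_reset
Cmnd_Alias BACKUP = /usr/bin/rsync
alice ALL = (root) NOPASSWD: /usr/bin/apt-get update, \
        /sbin/shutdown, PASSWD: /usr/bin/apt-get install *
bob   ALL = (ALL) ALL
"""

TAG_RE = re.compile(r"^(NOPASSWD|PASSWD|NOEXEC|EXEC|SETENV|NOSETENV):\s*")
# Lines that are not user specifications and are skipped by this sketch.
SKIP = ("#", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def logical_lines(text):
    """Join backslash-continued lines and drop blanks and non-spec lines."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith(SKIP) and "=" in line:
            yield line


def password_policy(text):
    """Return {user: [(command, needs_password), ...]} for simple user specs."""
    policy = {}
    for line in logical_lines(text):
        who, spec = line.split("=", 1)
        user = who.split()[0]
        spec = re.sub(r"\([^)]*\)", "", spec)   # drop (runas) lists
        needs_password = True                   # sudo's default without a tag
        for cmd in re.split(r"(?<!\\),", spec):
            cmd = cmd.strip()
            # A tag stays in force for later commands until its opposite appears.
            while (m := TAG_RE.match(cmd)):
                if m.group(1) == "NOPASSWD":
                    needs_password = False
                elif m.group(1) == "PASSWD":
                    needs_password = True
                cmd = cmd[m.end():]
            policy.setdefault(user, []).append((cmd, needs_password))
    return policy


def prompts_required(text, user):
    """Commands for which the policy still demands the user's password."""
    return [c for c, needs in password_policy(text).get(user, []) if needs]
```

Every command returned by prompts_required() is one where the administrator chose not to write NOPASSWD:, so a password replayed from storage removes a check the policy asked for.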