Bug#711105: When the "rootpw" option is activated in sudoers file, gksudo still ask for user's passwors.
Elie Gouzien
gouzien at MIT.EDU
Tue Jun 4 18:18:47 UTC 2013
Subject: When the "rootpw" option is activated in sudoers file, gksudo still ask for user's passwors.
Package: gksu
Version: 2.0.2-5
Severity: important
When the "rootpw" option is activated in sudoers file, gksudo still ask for
user's passwors. It makes the administrator believe that only the root password
can modify the system whereas any sudo user's password can do that. The
security failure is obvious.
-- System Information:
Debian Release: 6.0.7
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages gksu depends on:
ii libatk1.0-0 1.30.0-1 The ATK accessibility toolkit
ii libc6 2.11.3-4 Embedded GNU C Library: Shared lib
ii libcairo2 1.8.10-6 The Cairo 2D vector graphics libra
ii libfontconfig1 2.8.0-2.1 generic font configuration library
ii libfreetype6 2.4.2-2.1+squeeze4 FreeType 2 font engine, shared lib
ii libgconf2-4 2.28.1-6 GNOME configuration database syste
ii libgksu2-0 2.0.13~pre1-3 library providing su and sudo func
ii libglib2.0-0 2.24.2-1 The GLib library of C routines
ii libgnome-keyring0 2.30.1-1 GNOME keyring services library
ii libgtk2.0-0 2.20.1-2 The GTK+ graphical user interface
ii libpango1.0-0 1.28.3-1+squeeze2 Layout and rendering of internatio
ii libstartup-notificat 0.10-1 library for program launch feedbac
ii sudo 1.7.4p4-2.squeeze.4 Provide limited super user privile
Versions of packages gksu recommends:
ii gnome-keyring 2.30.3-5 GNOME keyring services (daemon and
gksu suggests no packages.
-- no debconf information
More information about the pkg-gnome-maintainers
mailing list