Bug 1225788
Summary: | /usr/libexec/pk-command-not-found can install packages without asking for root/sudo permissions | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Sascha Zantis <sascha.zantis> |
Component: | PackageKit | Assignee: | Richard Hughes <rhughes> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 22 | CC: | jonathan, kalevlember, projects.rg, rdieter, rhughes, smparrish |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-05-28 09:40:45 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Sascha Zantis
2015-05-28 09:06:39 UTC
This sounds like a security issue. Please make this report protected (not public to everyone), thanks. Feature since Fedora 12 as of 2009-08-07 . https://fedoraproject.org/wiki/Features/PackageKitCommandNotFound It's by design that admin users (in the wheel group) can install software without having to enter a password. See https://fedorahosted.org/fesco/ticket/1115#comment:18 and the discussion in the ticket for background information. Thanks for clarification. |