132112 – system-config-printer allows everybody to mess with configuration files

Bug 132112 - system-config-printer allows everybody to mess with configuration files

Summary: system-config-printer allows everybody to mess with configuration files

Keywords:
Status:	CLOSED DUPLICATE of bug 112419
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pam
Sub Component:
Version:	3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-09-08 22:17 UTC by Michal Jaegermann
Modified:	2007-11-30 22:10 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2005-09-13 14:18:40 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Michal Jaegermann 2004-09-08 22:17:03 UTC

Description of problem:

When called from a command line by typing 'system-config-printer'
on a non-root account it asks for a root password - as expected.
But when picked up from a menu under "System Settings->Printing"
it does not ask anything, allows to change settings and even
applies them!  Truly amazing!!!

Actually this does not seem to be config-printer property.
It seems that anything under "System Settings" can be picked
up from a menu, no passwords asked, although this is not the
case when called directly.  I just managed to accidentally
switch system-wide, but from a non-root account, a keybord
layout to Belgian one (which made things "interesting" for
a while :-).  I do not know what is really responsible for
that surprise so I will leave the original assignation.

Version-Release number of selected component (if applicable):
system-config-printer-0.6.111-1

How reproducible:
Always

Comment 1 Tim Waugh 2004-09-09 08:25:35 UTC

This is not a bug -- the password you typed it cached, as should be
made clear by the 'keys' icon in the systray on the panel.

Changing component to pam as this obviously isn't clear enough.

Comment 2 Michal Jaegermann 2004-09-09 13:56:05 UTC

The problem beeing that I **first** tried pickup up "Printing"
setup from a menu and only amazed that nothing wants a password
I typed 'system-config-printer' on a command line and then was
asked.  So I am not sure what is really cached and from when.

Now I have to search how to turn that off.

Comment 3 Tim Waugh 2004-09-09 14:04:11 UTC

It's the '-gui' variants of the commands that use that cache (it's a
pam setting).  You had typed in the root password before selecting it
from the menu.

Comment 4 Michal Jaegermann 2004-09-09 14:35:54 UTC

> You had typed in the root password before selecting it from the menu.

Sigh!  That is exactly the problem.  I did not.  I did that **later**
when trying to run things from a terminal window on a graphic desktop
(and which gave me '-gui' variants too).  So what was possibly cached
and from when I have no idea.  Definitely not from the current session
and on the top of that I changed a root password when trying things
which did not seem to have any effect on an observed behaviour.

Things are getting more and more scary with every comment.
Caching root passwords by a complicated GUI systems strikes me
as something that only some "usability expert" could invent.

Comment 5 Tomas Mraz 2004-10-08 11:52:08 UTC


*** This bug has been marked as a duplicate of 112419 ***

Note You need to log in before you can comment on or make changes to this bug.