Bug 132112 - system-config-printer allows everybody to mess with configuration files
Summary: system-config-printer allows everybody to mess with configuration files
Status: CLOSED DUPLICATE of bug 112419
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: 3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-09-08 22:17 UTC by Michal Jaegermann
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Clone Of:
Last Closed: 2005-09-13 14:18:40 UTC

Attachments (Terms of Use)

Description Michal Jaegermann 2004-09-08 22:17:03 UTC
Description of problem:

When called from a command line by typing 'system-config-printer'
on a non-root account it asks for a root password - as expected.
But when picked up from a menu under "System Settings->Printing"
it does not ask anything, allows to change settings and even
applies them!  Truly amazing!!!

Actually this does not seem to be config-printer property.
It seems that anything under "System Settings" can be picked
up from a menu, no passwords asked, although this is not the
case when called directly.  I just managed to accidentally
switch system-wide, but from a non-root account, a keybord
layout to Belgian one (which made things "interesting" for
a while :-).  I do not know what is really responsible for
that surprise so I will leave the original assignation.

Version-Release number of selected component (if applicable):

How reproducible:

Comment 1 Tim Waugh 2004-09-09 08:25:35 UTC
This is not a bug -- the password you typed it cached, as should be
made clear by the 'keys' icon in the systray on the panel.

Changing component to pam as this obviously isn't clear enough.

Comment 2 Michal Jaegermann 2004-09-09 13:56:05 UTC
The problem beeing that I **first** tried pickup up "Printing"
setup from a menu and only amazed that nothing wants a password
I typed 'system-config-printer' on a command line and then was
asked.  So I am not sure what is really cached and from when.

Now I have to search how to turn that off.

Comment 3 Tim Waugh 2004-09-09 14:04:11 UTC
It's the '-gui' variants of the commands that use that cache (it's a
pam setting).  You had typed in the root password before selecting it
from the menu.

Comment 4 Michal Jaegermann 2004-09-09 14:35:54 UTC
> You had typed in the root password before selecting it from the menu.

Sigh!  That is exactly the problem.  I did not.  I did that **later**
when trying to run things from a terminal window on a graphic desktop
(and which gave me '-gui' variants too).  So what was possibly cached
and from when I have no idea.  Definitely not from the current session
and on the top of that I changed a root password when trying things
which did not seem to have any effect on an observed behaviour.

Things are getting more and more scary with every comment.
Caching root passwords by a complicated GUI systems strikes me
as something that only some "usability expert" could invent.

Comment 5 Tomas Mraz 2004-10-08 11:52:08 UTC

*** This bug has been marked as a duplicate of 112419 ***

Note You need to log in before you can comment on or make changes to this bug.