Security policy oversight needed?
draco
i.grok at comcast.net
Fri Nov 20 00:29:18 UTC 2009
On Thu, Nov 19, 2009 at 08:31:08AM -0600, Chris Adams wrote:
> Once upon a time, Richard Hughes <hughsient at gmail.com> said:
> > If you're not shipping custom PolicyKit rules then at the moment
> > normal users can, without authentication:
>
> > * Enroll new fingerprints
>
> That's along the lines of "change their password", which is reasonable
> (unless this is giving elevated access to those fingerprints).
Actually, that's a problem, because it doesn't require authentication.
passwd requires that you enter your current password first, for good
reason.
More information about the devel
mailing list