[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security policy oversight needed?



On Thu, Nov 19, 2009 at 08:31:08AM -0600, Chris Adams wrote:
> Once upon a time, Richard Hughes <hughsient gmail com> said:
> > If you're not shipping custom PolicyKit rules then at the moment
> > normal users can, without authentication:
> 
> > * Enroll new fingerprints
> 
> That's along the lines of "change their password", which is reasonable
> (unless this is giving elevated access to those fingerprints).

Actually, that's a problem, because it doesn't require authentication.
passwd requires that you enter your current password first, for good
reason.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]