Bug 651196 – Force providing old password/fingerprint in gnome-about-me fingerprint before changing settings

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 651196 - Force providing old password/fingerprint in gnome-about-me fingerprint before changing settings


Summary:	Force providing old password/fingerprint in gnome-about-me fingerprint before...


Status:	RESOLVED NOTGNOME

Product:	gnome-control-center
Classification:	Core
Component:	User Accounts
Version:	2.32.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	Control-Center Maintainers
QA Contact:	Control-Center Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2011-05-26 22:20 UTC by Przemyslaw Kochanski
Modified:	2011-07-01 12:10 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Przemyslaw Kochanski 2011-05-26 22:20:38 UTC

I found easy way to make computer using pfrint authentication
completely insecure.

steps to reproduce:
find unlocked computer with fprint installed and fingerprints configured via gnome-about-me
launch gnome-about-me
click on disable fingerprint autch button
click on enable fingerprint autch button
scan your own fingers to take control of computer

what should happen:
authentication needed on click to disable fingerprint autch

Specs:
Ubuntu 11.04
Gnome 2.32.1
fingeprint PPA

Comment 1 André Klapper 2011-05-31 23:42:36 UTC

So where is the bug here, and what was the expected behavior?

Looks rather like you found a way to access all data from a computer:
1. Find unlocked computer
2. Copy everything to USB stick.

Not really a valid argumentation for a software bug if the user lets anybody access his/her computer...

Comment 2 Przemyslaw Kochanski 2011-06-01 15:32:25 UTC

Yes, but you have access to root's commands (sudo, su, etc.) therefore to entire system, not only user-space data. It's like you could passwd some user and set new password without entering previous password.

I emailed David Jurenka (Ubuntu's fingerprint PPA owner) about this bug and I received following reply:

"(...) Therefore, requiring a prior authentication seems like a very sensible thing to me (in the same way as passwd first asks for old password before allowing users to change it). Some people might argue that as soon as someone gains access to your computer with you being logged in, your account simply *is* compromised, no matter what. Still, as I said I think that GNOME's About Me should ask for password/fingerprint before letting you change the settings. Maybe deleting fingerprints could be without authentication (since if the users messes up and wants to get rid of fingerprint authentication because it doesn't work for him, he shouldn't be asked for a fingerprint to do that), but activating fingerprint authentication definitely should require a password. (...)"

Comment 3 André Klapper 2011-06-01 15:52:33 UTC

I see... Patches accepted.

Comment 4 Bastien Nocera 2011-07-01 12:10:34 UTC

If the distro is interested in doing that, they can change the fprintd PolicyKit settings in /usr/share/polkit-1/actions/net.reactivated.fprint.device.policy