3

I've noticed Software updater in 12.10 installs updates without asking for my password the way it used to.

My question is, how is it doing this, and what is to prevent a malicious script/program from using the same technique to execute privileged commands without my password, or in fact without me even knowing?

zcourts
  • It cannot, unless you log in as root in your desktop environment (bad idea). I think you're just confused with the way sudo "remembers" your elevated privileges. Did you enter your password for elevated privileges some short time before? Then it will remember that for 10 minutes (the default), by design. See also: sudo credential caching on by default. – gertvdijk Jun 19 '13 at 12:28
  • Nah, I hadn't done anything yet, but I had signed in less than 10 mins or so before. I knew it cached when you sudo in the terminal but didn't know it did it elsewhere. And no, I don't log in as root. It's not even enabled :) – zcourts Jun 19 '13 at 12:41
  • It "caches" it everywhere, also via PolicyKit (the library used in the GUI to elevate the privileges). Can you reproduce this reliably after each reboot? If you don't have to enter any password then it's not default behaviour at all. – gertvdijk Jun 19 '13 at 12:45

1 Answer

3

This is the way it works now: all updates required a password in versions prior to 11.10, but since 11.10 the password is no longer requested for security updates.

A password is still required to install software and for updates that are not security updates, however.

From the Security Team FAQ:

Update Manager doesn't prompt for security updates

Why does update-manager no longer prompt for the user's password?

  • As of Ubuntu 11.10, update-manager no longer prompts for the user's password to apply updates. This was decided to improve usability and to make it easier for users to apply security updates and therefore increase system security. The rationale is as follows:

  • Like in previous releases, by default only people in the admin group are allowed access to perform security updates.

  • Only updates for already installed software can be applied without a password. Installing additional software still requires people to enter their password. The password prompt had become an irritant for some people such that they would just press 'Cancel' instead of installing the updates. The password prompt decreased system security for those users.

  • People that did dutifully apply updates became conditioned to enter their privileged password perhaps daily. When the user is prompted for the password, it should mean something and the frequency of update-manager updates meant that some people no longer thought about why they were entering their password. For these users, the password prompt had the potential to reduce security.

  • For environments where this change is deemed not appropriate, this functionality can be disabled by the administrator via PolicyKit or by creating users that are not in the admin group (a recommended practice to begin with).

gertvdijk
Warren Hill
  • +1 Good to know this. It appears that this only holds for regular Ubuntu and not for Kubuntu which features Muon as the update manager. – gertvdijk Jun 19 '13 at 13:03
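The FAQ says an administrator can turn the prompt back on "via PolicyKit" but does not show how. The script below is an added example, not part of the original question or answer and not Ubuntu's own tooling. It assumes the PolicyKit Local Authority `.pkla` format used by polkit 0.105 (the version shipped with Ubuntu of that era, with vendor rules under `/var/lib/polkit-1/localauthority/10-vendor.d` and local overrides under `/etc/polkit-1/localauthority/50-local.d`), and it assumes that the privilege update-manager exercises through aptdaemon is the PolicyKit action `org.debian.apt.upgrade-packages`; neither the action id nor the paths appear on the page. The sample vendor policy it parses is constructed for the example. It parses `.pkla` text to report what verdict a given action gets (later sections override earlier ones, as polkit's Local Authority files do), renders a rule that requires an admin password again, and, with `--live`, asks polkit itself and drops sudo's cached credentials:

```shell
#!/bin/sh
# Added example (not from the original post): inspect and, if wanted, undo the
# password-free package-upgrade policy through PolicyKit Local Authority files.
# ASSUMPTION: the action update-manager/aptdaemon uses is this id; it is not
# named on the page.
UPGRADE_ACTION="org.debian.apt.upgrade-packages"

# Print the ResultActive verdict (yes / no / auth_admin / auth_admin_keep ...)
# that .pkla text on stdin assigns to an action id. Sections are scanned in
# order and the last matching one wins, mirroring how later Local Authority
# rules override earlier ones. Prints nothing if no section matches.
result_active_for() {
    awk -v want="$1" '
        function close_section() { if (hit && res != "") final = res; hit = 0; res = "" }
        { sub(/[ \t\r]+$/, "") }                   # strip trailing whitespace
        /^\[/ { close_section() }                  # a new [section] begins
        /^Action=/ {                               # Action=id1;id2;...
            n = split(substr($0, 8), ids, ";")
            for (i = 1; i <= n; i++) if (ids[i] == want) hit = 1
        }
        /^ResultActive=/ { res = substr($0, 14) }
        END { close_section(); if (final != "") print final }
    '
}

# Constructed stand-in for a vendor rule that lets admins upgrade without a
# password (the shape of the default described in the FAQ, not a real file).
sample_vendor_policy() {
    printf '%s\n' \
        '[Allow admins to upgrade packages without a password]' \
        'Identity=unix-group:admin;unix-group:sudo' \
        "Action=$UPGRADE_ACTION" \
        'ResultActive=yes'
}

# Local override that re-enables the prompt for the admin and sudo groups.
# auth_admin_keep asks for an admin password and caches the answer briefly,
# much like sudo's timestamp does.
render_upgrade_rule() {
    printf '%s\n' \
        '[Require a password to apply package upgrades]' \
        'Identity=unix-group:admin;unix-group:sudo' \
        "Action=$UPGRADE_ACTION" \
        'ResultActive=auth_admin_keep'
}

# Live checks (need a real polkit install, so only run with --live):
#  * which vendor and local .pkla files mention the action
#  * what polkit itself reports for the action
#  * drop sudo's cached credentials so the next prompt means something
live_audit() {
    grep -rl "$UPGRADE_ACTION" /var/lib/polkit-1/localauthority \
                               /etc/polkit-1/localauthority 2>/dev/null
    pkaction --verbose --action-id "$UPGRADE_ACTION"
    sudo -k
}

# 50-local.d overrides 10-vendor.d; run as root.
install_upgrade_rule() {
    render_upgrade_rule > /etc/polkit-1/localauthority/50-local.d/50-require-password-for-upgrades.pkla
}

case "${1:-}" in
    --live)    live_audit ;;
    --install) install_upgrade_rule ;;
    *)         render_upgrade_rule ;;   # default: just show the rule
esac
```

Run it with no arguments to see the rule, `--live` to check what the running system actually grants, and `--install` (as root) to put the override in place. Removing users from the admin group, the FAQ's other suggestion, needs no rule at all, since the vendor policy only grants the password-free path to that group.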