The Groovy Gorilla has reached end of life, so this bug will not be
fixed for that release
** Changed in: fprintd (Ubuntu Groovy)
Status: Fix Committed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.l
This bug was fixed in the package fprintd - 1.90.9-1~ubuntu20.04.1
---
fprintd (1.90.9-1~ubuntu20.04.1) focal; urgency=medium
* Backport to focal (LP: #1908119)
fprintd (1.90.9-1) unstable; urgency=medium
[ Marco Trevisan (Treviño) ]
* New upstream release:
- Fix multiple
Ok, I'll be proceeding with releasing this to focal users. But one thing
to consider: since this feels like a security-related fix, should we
maybe reach out to -security to get the package rebuilt and pushed there
as well?
--
You received this bug notification because you are a member of Ubuntu
@Chris, we are short on resources to do non LTS verifications, we will
eventually get to it but is it getting in the way of the fix to be made
available to LTS users now?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.lau
Is this also going to be verified for Groovy?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
To manage notifications about this bug go to:
http
Both with fprintd-enroll and using g-c-c now a password prompt is
required when enrolling a new fingerprint.
This works concurrently when multiple users are trying to enroll.
❯ apt-cache policy fprintd
fprintd:
Installato: 1.90.9-1~u
Hello Christopher, or anyone else affected,
Accepted fprintd into groovy-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/fprintd/1.90.9-1~ubuntu20.10.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package.
This bug was fixed in the package fprintd - 1.90.7-1
---
fprintd (1.90.7-1) unstable; urgency=medium
* New upstream release
- Fix fprintd DBus configuration (Closes: #976990)
- Change details of what requires authorization
- Fix various race conditions in pam_fprintd
Yeah, I agree on that... I also had a fix ready for more than a year
now, but the fprintd upstream state in the past years wasn't always
active (mostly due to the fact that hw producers didn't support sensors,
so there was only some community involvement), so it took a bit longer
before it could hi
Thanks for explaining the larger problem here. It's a bit frustrating
that this bug has existed for more than 9 years, (it seems the original
fix was put in in 2011), but it's taken this long to finally swat it.
Sounds like we're finally on the right path to getting this fixed.
Thanks again.
--
As you can see reading this old bug, the polkit rule fix is known, and
I've been working upstream to address this.
However as you can see [1] that simple change was not enough.
In fact as you can read in this documentation [2] the polkit method that we
call to check if an user is allowed to run a
Is there something I can do to expedite this? I submitted a bug that
wound up being a duplicate of this one, and even created and tested a
patch to the config. The config change is pretty trivial, and worked
perfectly in my testing. I'm not sure why this wouldn't be considered a
permanent fix ra
** Changed in: fprintd (Ubuntu)
Status: Fix Released => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
To manage notificatio
** Changed in: fprintd (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
To manage notifications
** Changed in: fprintd (Ubuntu)
Assignee: Marco Trevisan (Treviño) (3v1n0) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
Bump.
I'm unsubscribing the Security Sponsors Team for now because Iain's
comment suggests concerns with the patches that should be addressed
before uploading.
Please resubscribe us once there is an adequate patch.
Thank you.
--
You received this bug notification because you are a member of Ub
Bastien says this is buggy after the auth times out?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
To manage notifications about this bug go t
** Changed in: fprintd
Status: Unknown => Invalid
** Changed in: fprintd
Importance: Unknown => Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthor
I've submitted the bug upstream too, so you can replace the patch in the
debdiff with one attached here.
** Bug watch added: freedesktop.org Bugzilla #105418
https://bugs.freedesktop.org/show_bug.cgi?id=105418
** Also affects: fprintd via
https://bugs.freedesktop.org/show_bug.cgi?id=105418
The attachment "policykit-enroll-auth-self.debdiff" seems to be a
debdiff. The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff. If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove the "pat
** Patch added: "policykit-enroll-auth-self.debdiff"
https://bugs.launchpad.net/ubuntu/+source/fprintd/+bug/1532264/+attachment/5063611/+files/policykit-enroll-auth-self.debdiff
** Changed in: fprintd (Ubuntu)
Assignee: (unassigned) => Marco Trevisan (Treviño) (3v1n0)
--
You received th
Mh, ok... I didn't think much about this as that was something possible
using gnome-control-center UI or just dbus-calls.
In fact gnome-contrl-center doesn't require any unlocking operation for
setting the fingerprints, by default.
However pfrintd already supports policykit correctly, so IMHO we
Ah, on a side note, in ubuntu we want to enable the fingerprint
unlocking, not at login stage.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
T
My thoughts exactly. It seems the enrollment files are stored in
/var/lib/fprintd, which is already restricted to root access with read
access for others, and the directories and files under it are root only
without even read permissions for others, yet fprintd-enroll seems able
to change them even
Protecting the executable is a lost cause -- afterall, we host thousands
of copies of it on our archive mirror network, and there are tens of
millions more on Ubuntu machines around the world.
Protecting the enrollment files may be more useful.
Thanks
--
You received this bug notification becau
Upon further reflection, instead of chmod o-x, use chmod 700. Otherwise,
the fprintd-enroll executable can be copied to the home directory and
executed from there, successfully changing the enrolled prints without
requiring root.
--
You received this bug notification because you are a member of U
I'm using 16.04 and installed from the default repos with a simple "sudo
apt install libpam-fprintd", and I'm seeing the same (original)
behaviour, as in fprintd-enroll doesn't require root to change the
enrolled fingerprints (and asks for 5 swipes to confirm enrollment).
The chmod o-x suggestion
This seems to me to have been changed ("fixed") now: I need to use sudo to
initiate fprintd-enroll.
However, with that change came a change in the behaviour of enroll. It only
asks for one fingerprint scan, rather than five.
The result seems to be that the finger print reader has terrible perfor
Hello!
Just came across the bug myself. Some googling and voila, here I am.
Thanks for already making the point clear and posting the description!
Until a proper solution is published, I think one can limit the danger
by disallowing ordinary users from enrolling (and other stuff):
sudo chmod o-x
** Changed in: fprintd (Ubuntu)
Importance: Undecided => High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
To manage notifications about t
Interesting, the pam/pam_fprintd.c file has the following function that
would be used for the pam_chauthtok(3) function:
PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
return PAM_SUCCESS;
}
If I've read this co
** Changed in: fprintd (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
To manage notifications about th
Hi Seth,
Sorry. Can you tell me anything about what I might do to find the answer to
this question?
Or, in case this helps, here is what I have in my install notes:
# Fingerprint reader
sudo apt-get update
sudo apt-get install libpam-fprintd libfprint0 fprint-demo fprintd
#Then run this com
I don't see any PAM modules in the fprintd package when I installed it
into a test VM. This issue may be in whatever PAM module package uses
fprintd rather than the fprintd package itself. Which PAM module did you
install to get this behaviour?
Thanks
--
You received this bug notification becaus
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1532264
Title:
fprintd allows unauthorized root access
To manage notifications abo
35 matches
Mail list logo
