Re: Security hole in LXDE?
On Mon 27 Feb 2017 at 11:13:00 (+0000), GiaThnYgeia wrote:
> I have never, not once, been able to run synaptic in any similar system
> without a root or a sudo password. Not to execute a command, just to
> get the gui up you need a password.
Why would that be? You should be able to do so. There's a popup
window that says this:
Starting "Synaptic Package Manager" without administrative privileges
You will not be able to apply any changes, but you can still export
the marked changes or create a download script for them.
I can select packages, look at their properties, dependencies,
installed files, get changelogs etc. I can edit some of the
preferences. I can see the immediate effects of that in files
like ~/.synaptic/synaptic.conf when I click OK. I can select
packages for installation and it will write a little script
So it suggests that the OP has set something in their system
to cause the behaviour they observe, both the popup and the
fact that a user's password is sufficient for installing software.
I can run (the similar program) aptitude likewise. The main differences
with synaptic are that aptitude is in the user's normal PATH (whereas
synaptic is in /usr/sbin); when you try to install, it asks you to
consider becoming root from the Actions menu; and if you persist, it
gives you the option to become root in a dialog box, and you can then
type the root password.
> I don't know whether creating a user with 100% admin privileges will
> still require a pass or not, I suspect it would still. As if you add a
> user in the sudo group it is the user's pass that is asked. So
> something is wrong on your specific installation.
> > Am Montag, 27. Februar 2017, 21:00:15 CET schrieb Davor Balder:
> >> Hi Hans,
> >> Question 1 which one: stable, testing or unstable?
> > testing/amd64
> >> Generally (to aid in your investigation):
> > I did, but found nothing unusual.
> > If no one can confirm this, it is a problem on my system!