Bug 11438

Summary: Root passwd visable when openning mcc & (polkit update)
Product: Mageia Reporter: martyn vidler <martynvidler>
Component: RPM PackagesAssignee: Colin Guthrie <mageia>
Status: RESOLVED INVALID QA Contact:
Severity: major    
Priority: Normal CC: martynvidler, thierry.vignaud
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:

Description martyn vidler 2013-10-10 23:19:02 CEST 
Description of problem:
Running MAG4 64 bit E17 DT
I login open Terminal Type mcc &, I get correct output then option to enter passwd. As I type the passwd is visable. If I only enter mcc then option for passwd is asked for but when typed not visable.


Version-Release number of selected component (if applicable):


How reproducible:
Always just login enter as user mcc &


Steps to Reproduce:
1.
2.
3.


Reproducible: 

Steps to Reproduce:
martyn vidler 2013-10-10 23:19:30 CEST

CC: (none) => martynvidler
Severity: normal => major

David Walser 2013-10-10 23:21:47 CEST

Component: Security => RPM Packages
Assignee: bugsquad => thierry.vignaud
QA Contact: security => (none)

Comment 1 martyn vidler 2013-10-10 23:58:25 CEST 
Also as a user with sudo mcc & wont start, But sudo mcc starts ok

As root mcc & works ok
Comment 2 Thierry Vignaud 2013-10-11 07:07:38 CEST 
polkit adaptation is Colin's work

CC: (none) => thierry.vignaud
Assignee: thierry.vignaud => mageia

Comment 3 Colin Guthrie 2013-10-11 10:21:52 CEST 
Regarding backgrounding processes that need user input, but this pretty much expected. You are putting the application in the background and returning control to the shell, so whatever you type is going into the shell itself just as with any other command you type... simply don't use & here.

Ultimately this issue can probably be avoided if E17 had an appropriate polkit authorisation agent running. Perhaps it has one but it's not configured to run at login or installed (i.e. not (yet) one of the required packages). When a proper authorisation agent is running the password will be asked for via a GUI popup, not via the CLI and thus you can put the app into the background quite happily.

In theory, the only time you should be asked for a pass via the console is when you are launching in text mode, and in that case you really cannot use & to put it into the background anyway :)

Summary: Root passwd visable when openning mcc & => Root passwd visable when openning mcc & (polkit update)

Comment 4 Colin Guthrie 2014-02-23 18:44:54 CET 
This isn't a bug as it was ultimately user error (backgrounding something on a terminal which wanted to control terminal).

Status: NEW => RESOLVED
Resolution: (none) => INVALID