Results 1 to 9 of 9

Thread: Disabling PolicyKit password prompts

  1. #1
    Join Date
    Feb 2006
    Beans
    35

    Disabling PolicyKit password prompts

    To make my system more secure I want to disable all PolicyKit password prompts when I am logged in as a user with account type of "Administrator".

    Is there a way to auto-approve all PolicyKit password prompts?

  2. #2
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Lubuntu 14.10 Utopic Unicorn

    Re: Disabling PolicyKit password prompts

    I have a hard time relating increasing system security to disabling password prompts..
    | My old and mostly abandoned blog |
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!

    | Reinstalling Ubuntu ? Please check this bug first ! |
    | Using a ppa ? Please install ppa-purge from universe, you may need it should you want to revert packages back |
    | No support requests / username changes by PM, thanks. |

  3. #3
    Join Date
    Feb 2006
    Beans
    35

    Re: Disabling PolicyKit password prompts

    if a local user is compromised then it is easy to let's say add a phony "synaptic" in my path which then would prompt for a root password and by phishing that password you get elevated privileges from local to root.

    if synaptic launches with no password prompt, and there are no superfluous password prompts then it gets much harder to phish for root password. therefore disabling password prompts makes the system more secure.

  4. #4
    Join Date
    Jun 2007
    Location
    Waikikamukau, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Disabling PolicyKit password prompts

    I don't see the point in phishing for a root password when it's disabled by default in Ubuntu.
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.

  5. #5
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Lubuntu 14.10 Utopic Unicorn

    Re: Disabling PolicyKit password prompts

    Quote Originally Posted by Ani View Post
    if a local user is compromised then it is easy to let's say add a phony "synaptic" in my path which then would prompt for a root password and by phishing that password you get elevated privileges from local to root.

    if synaptic launches with no password prompt, and there are no superfluous password prompts then it gets much harder to phish for root password. therefore disabling password prompts makes the system more secure.
    Well, I’m not sure you realise what it would take to get into “your path” and access your password by either listening to the keystrokes you are doing or by deciphering the file where you password is stored.

    But anyway, let’s say it is possible. Why bother if there is a user with admin access without a password ? Just get to that user and bam, party time. Whether you know if it is a european or an african swallow will be of no importance because there will be no one asking.

    So I would not be too much worried about outside attacks in your case, unless you run a server with loose configurations. I would be much much more worried about what you could do to your own file system, in particular if you do not fully understand the need for a password and all the consequences if you disable it.
    | My old and mostly abandoned blog |
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!

    | Reinstalling Ubuntu ? Please check this bug first ! |
    | Using a ppa ? Please install ppa-purge from universe, you may need it should you want to revert packages back |
    | No support requests / username changes by PM, thanks. |

  6. #6
    Join Date
    Feb 2006
    Beans
    35

    Re: Disabling PolicyKit password prompts

    Quote Originally Posted by bapoumba View Post
    Well, I’m not sure you realise what it would take to get into “your path” and access your password by either listening to the keystrokes you are doing or by deciphering the file where you password is stored.
    create an app called "synaptic" add it to your local path and make it pop up a simple gtk dialog asking for an administrator password.
    Quote Originally Posted by bapoumba View Post
    But anyway, let’s say it is possible. Why bother if there is a user with admin access without a password ? Just get to that user and bam, party time. Whether you know if it is a european or an african swallow will be of no importance because there will be no one asking.
    sudo will still be asking for a password. I am asking about disabling PolicyKit passwords not sudo passwords, so to gain full control of the system (sudo access) you still need to know the administrator password and PolicyKit password prompts are the best way to get to it.
    Quote Originally Posted by bapoumba View Post
    So I would not be too much worried about outside attacks in your case, unless you run a server with loose configurations. I would be much much more worried about what you could do to your own file system, in particular if you do not fully understand the need for a password and all the consequences if you disable it.
    I think I understand the consequences of disabling the PolicyKit password prompts better than you.

  7. #7
    Join Date
    Feb 2006
    Beans
    35

    Re: Disabling PolicyKit password prompts

    lisati, I am not asking about disabling the root password, I am asking about disabling PolicyKit password prompts which only allow you to launch various graphical apps like "synaptic" or "Software Center".

  8. #8
    Join Date
    Jun 2007
    Location
    Waikikamukau, New Zealand
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Disabling PolicyKit password prompts

    *cough*
    Ubuntu's root password is already disabled by default.
    https://help.ubuntu.com/community/RootSudo



    Quote Originally Posted by Ani View Post
    if a local user is compromised then it is easy to let's say add a phony "synaptic" in my path which then would prompt for a root password and by phishing that password you get elevated privileges from local to root.
    Quote Originally Posted by Ani View Post
    lisati, I am not asking about disabling the root password, I am asking about disabling PolicyKit password prompts which only allow you to launch various graphical apps like "synaptic" or "Software Center".
    Forum DOs and DON'Ts
    Never assume that information you find using a search engine is up-to-date.

  9. #9
    Join Date
    Sep 2006
    Location
    France.
    Beans
    Hidden!
    Distro
    Lubuntu 14.10 Utopic Unicorn

    Re: Disabling PolicyKit password prompts

    PolicyKit works by specific groups, actions and effects I’m sure you already know that. Is this a test or what ?
    | My old and mostly abandoned blog |
    Linux user #413984 ; Ubuntu user #178
    J'aime les fraises.
    Nighty night me lovelies!

    | Reinstalling Ubuntu ? Please check this bug first ! |
    | Using a ppa ? Please install ppa-purge from universe, you may need it should you want to revert packages back |
    | No support requests / username changes by PM, thanks. |

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •