PCBSD Update Manager should require root password to install updates
| Reported by: | pheet | Owned by: | |
| Keywords: | update, manager, root, security | Cc: | |
The new Update Manager in 1.5 does not require the root password to install system updates as it runs through sudo as root NOPASSWD. I consider this a security risk.
My suggestion would be to split the update manager into 2 separate programs:
1) GUI + the code that checks for and downloads the updates. Set as 770 root:wheel
2) Non-GUI code that actually performs the updates, set as 700 root:wheel, called via kdesu by the first part.
This would avoid the annoyance of being prompted for the root password when every wheel user logs in to start the manager, but without compromising BSD's security.
(One could provide an option in the GUI for the current behaviour if desired, which would chmod g+rx the 2nd part (and stop launching it thru kdesu).)
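
An audit check for the condition this ticket describes, as an added example that is not part of the original ticket or of PC-BSD's code: it lists every command a sudoers rule permits without a password. The sample rules and paths are constructed and hypothetical, and the parser is simplified (no alias expansion, `#include` handling, or escaped commas).

```python
import re

# Constructed sudoers sample; the rules and paths are hypothetical, not PC-BSD's own.
SAMPLE = r"""
# constructed example
Defaults env_reset
root    ALL=(ALL) ALL
%wheel  ALL=(ALL) ALL
%wheel  ALL=(root) NOPASSWD: /usr/local/bin/example-updater, \
        PASSWD: /usr/local/bin/example-tool, NOPASSWD: /sbin/shutdown
"""

TAG = re.compile(r"^((?:NO)?(?:PASSWD|EXEC|SETENV)|(?:NO)?LOG_(?:INPUT|OUTPUT)):\s*")
SKIP = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def logical_lines(text):
    """Join backslash continuations, drop comments and blank lines."""
    joined = re.sub(r"\\\n", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: ignores #include and #uid
        if line:
            yield line

def find_nopasswd(text):
    """Return (who, runas, command) for every command a rule runs without a password."""
    hits = []
    for line in logical_lines(text):
        if line.startswith(SKIP) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        who = lhs.split()[0]
        runas, nopasswd = "root", False  # sudo's defaults: target root, password required
        for cmd in (c.strip() for c in rhs.split(",")):
            m = re.match(r"^\(([^)]*)\)\s*", cmd)
            if m:
                runas, cmd = m.group(1), cmd[m.end():]
            while (t := TAG.match(cmd)):
                if t.group(1).endswith("PASSWD"):
                    nopasswd = t.group(1) == "NOPASSWD"  # tag carries over to later commands
                cmd = cmd[t.end():]
            if nopasswd:
                hits.append((who, runas, cmd))
    return hits

if __name__ == "__main__":
    for who, runas, cmd in find_nopasswd(SAMPLE):
        print(f"{who} may run {cmd} as {runas} without a password")
```

Because a tag applies to every following command in the list until it is overridden, a single `NOPASSWD:` early in a long rule can cover more commands than intended.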