Bug 105418

Summary: device policy: only allow enrolling for authenticated users
Product: libfprint Reporter: Marco Trevisan (Treviño) <mail>
Component: fprintdAssignee: libfprint-bugs
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: All   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: device policy: only allow enroll for authenticated users

Description Marco Trevisan (Treviño) 2018-03-09 13:58:07 UTC 
It's currently possible to add or delete fingerprints from a session
without asking again for user authentication.

This can be a serious security issue as any temporary guest using the
machine could enroll his fingerprints and then have access.
Comment 1 Marco Trevisan (Treviño) 2018-03-09 13:58:10 UTC 
Created attachment 137936 [details] [review]
device policy: only allow enroll for authenticated users

Ensure a password prompt is shown when enrolling, and fingerprint
management is requested.
Comment 2 Bastien Nocera 2018-03-09 14:44:31 UTC 
Fairly certain this wasn't tested (or at least wasn't tested after the "auth keep" had timed out).

*** This bug has been marked as a duplicate of bug 89407 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.