103627 – Ask for a password before enrolling new fingerprints

Bug 103627 - Ask for a password before enrolling new fingerprints

Summary: Ask for a password before enrolling new fingerprints

Status:	RESOLVED DUPLICATE of bug 89407

Alias:	None

Product:	libfprint
Classification:	Unclassified
Component:	fprintd (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	libfprint-bugs
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2017-11-08 18:08 UTC by Laurent Bigonville
Modified:	2017-11-08 21:08 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments

Description Laurent Bigonville 2017-11-08 18:08:59 UTC

Hi,

Before enrolling new fingerprints a password should be requested.

Otherwise it could lead to privileges escalation like the one described in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719004 if for example the laptop is not locked and left unattended.

Even if the PAM module is not added to sudo/su/... PAM services, this could lead to some attacker changing one of the login method of a user and allowing him to login later.

Comment 1 Bastien Nocera 2017-11-08 21:08:15 UTC


*** This bug has been marked as a duplicate of bug 89407 ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.