Bug 105418 - device policy: only allow enrolling for authenticated users
Status: RESOLVED DUPLICATE of bug 89407
Alias: None
Product: libfprint
Classification: Unclassified
Component: fprintd
Version: unspecified
Hardware: All All
Importance: medium normal
Assignee: libfprint-bugs
Reported: 2018-03-09 13:58 UTC by Marco Trevisan (Treviño)
Modified: 2018-03-09 14:44 UTC

Attachments
device policy: only allow enroll for authenticated users (931 bytes, patch)
2018-03-09 13:58 UTC, Marco Trevisan (Treviño)

Description Marco Trevisan (Treviño) 2018-03-09 13:58:07 UTC
It's currently possible to add or delete fingerprints from a session
without asking again for user authentication.

This can be a serious security issue as any temporary guest using the
machine could enroll his fingerprints and then have access.

Comment 1 Marco Trevisan (Treviño) 2018-03-09 13:58:10 UTC
Created attachment 137936
device policy: only allow enroll for authenticated users

Ensure a password prompt is shown when enrolling, and fingerprint
management is requested.

Comment 2 Bastien Nocera 2018-03-09 14:44:31 UTC
Fairly certain this wasn't tested (or at least wasn't tested after the "auth keep" had timed out).

*** This bug has been marked as a duplicate of bug 89407 ***