Bug 103627 - Ask for a password before enrolling new fingerprints
Summary: Ask for a password before enrolling new fingerprints
Status: RESOLVED DUPLICATE of bug 89407
Alias: None
Product: libfprint
Classification: Unclassified
Component: fprintd (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: libfprint-bugs
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-08 18:08 UTC by Laurent Bigonville
Modified: 2017-11-08 21:08 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Attachments

Description Laurent Bigonville 2017-11-08 18:08:59 UTC
Hi,

Before enrolling new fingerprints a password should be requested.

Otherwise it could lead to privileges escalation like the one described in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719004 if for example the laptop is not locked and left unattended.

Even if the PAM module is not added to sudo/su/... PAM services, this could lead to some attacker changing one of the login method of a user and allowing him to login later.
Comment 1 Bastien Nocera 2017-11-08 21:08:15 UTC

*** This bug has been marked as a duplicate of bug 89407 ***


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.