[Bug 1728405] Re: Update-manager starts your browser as root
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Nov 13 13:12:36 UTC 2017
*** This bug is a duplicate of bug 1174007 ***
https://bugs.launchpad.net/bugs/1174007
** This bug has been marked a duplicate of bug 1174007
release upgrader launches browser as root
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1728405
Title:
Update-manager starts your browser as root
Status in update-manager package in Ubuntu:
Confirmed
Bug description:
When I upgraded from Ubuntu MATE 17.04. to 17.10. I realized that
there is a security issue with the update-manager (1:17.04.7 500).
Here's what I mean:
1) Start the update-manager, when it tells you, there's "a new version
of Ubuntu available", click on upgrade. A prompt will appear asking
for your sudo password. Enter your password.
2) Then the release notes appear. When you now click on any of the
links inside, your standard browser (in my case Firefox) will open
with root permissions.
This should never happen.
Either the release notes should be displayed before the prompt for
your root password, or upgrade-manager should have a mechanism to
prevent starting other GUI apps as root.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1728405/+subscriptions
More information about the foundations-bugs
mailing list