Bug 460762

Summary: Software installed without asking for sudo permission.
Product: [Applications] Discover Reporter: Walter Kargus <waltk4>
Component: UpdatesAssignee: Plasma Bugs List <plasma-bugs-null>
Status: RESOLVED DOWNSTREAM    
Severity: normal CC: aleixpol, nicolas.fella
Priority: NOR    
Version First Reported In: 5.18.7   
Target Milestone: ---   
Platform: Kubuntu   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Walter Kargus 2022-10-20 13:02:57 UTC 
SUMMARY
Install software without authorization (ask for sudo)

STEPS TO REPRODUCE
Install software

OBSERVED RESULT
No request for sudo permission.  

EXPECTED RESULT
Request for sudo permission such that software can't be maliciously installed. 

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
Kernal 5.4.0-131-generic
KDE Plasma Version: 5.18.8
KDE Frameworks Version: 5.68.0
Qt Version: 5.12.8

ADDITIONAL INFORMATION
Comment 1 Bug Janitor Service 2022-10-20 13:33:59 UTC 
Thank you for the bug report!

However Plasma 5.18.7 is no longer supported by KDE; supported versions are 5.24, and 5.26 or newer.
Your distribution is responsible for providing support for older versions of KDE software.

Please do one of the following:
- Upgrade to a supported version and see if the issue is still relevant
- Report the issue to your distribution
Comment 2 Nicolas Fella 2022-10-20 13:41:14 UTC 
Discover uses PackageKit, which uses Polkit internally to do authorization.

Whether or not that prompts for a password is a matter of polkit/system configuration, in particular /usr/share/polkit-1/actions/org.freedesktop.packagekit.policy and /usr/share/polkit-1/rules.d/org.freedesktop.packagekit.rules