460762 – Software installed without asking for sudo permission.

Bug 460762 - Software installed without asking for sudo permission.

Summary: Software installed without asking for sudo permission.

Status:	RESOLVED DOWNSTREAM

Alias:	None

Product:	Discover
Classification:	Applications
Component:	Updates (interactive) (show other bugs)
Version:	5.18.7
Platform:	Kubuntu Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	Plasma Bugs List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-10-20 13:02 UTC by Walter Kargus
Modified:	2022-10-20 13:41 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Walter Kargus 2022-10-20 13:02:57 UTC

SUMMARY
Install software without authorization (ask for sudo)

STEPS TO REPRODUCE
Install software

OBSERVED RESULT
No request for sudo permission.  

EXPECTED RESULT
Request for sudo permission such that software can't be maliciously installed. 

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 
Kernal 5.4.0-131-generic
KDE Plasma Version: 5.18.8
KDE Frameworks Version: 5.68.0
Qt Version: 5.12.8

ADDITIONAL INFORMATION

Comment 1 Bug Janitor Service 2022-10-20 13:33:59 UTC

Thank you for the bug report!

However Plasma 5.18.7 is no longer supported by KDE; supported versions are 5.24, and 5.26 or newer.
Your distribution is responsible for providing support for older versions of KDE software.

Please do one of the following:
- Upgrade to a supported version and see if the issue is still relevant
- Report the issue to your distribution

Comment 2 Nicolas Fella 2022-10-20 13:41:14 UTC

Discover uses PackageKit, which uses Polkit internally to do authorization.

Whether or not that prompts for a password is a matter of polkit/system configuration, in particular /usr/share/polkit-1/actions/org.freedesktop.packagekit.policy and /usr/share/polkit-1/rules.d/org.freedesktop.packagekit.rules