Reply to post: Re: Shortsighted reaction on the side of Canonical

Ubuntu to shutter year-old clock unlock bug

Doctor Syntax Silver badge

Re: Shortsighted reaction on the side of Canonical

"normal users can normally not set the clock and need sudo first to set it"

The actual bug report (follow the mailing list link in the article) starts off with the statement that "Under unity and cinnamon, it is possible for a user to turn off network-synchronized time and then change the time on the system." The implication is that this is possible for an unprivileged user. If so then this certainly is a bug. Not only does it enable the privilege escalation that the bug report goes on to describe, it makes one wonder if the code underlying this enables other functions that should be impossible for an unprivileged user.

I can't say I was ever happy with the Ubuntu version of sudo. It uses the user's own password to gain superuser access providing the user is in the sudoers list. An unprivileged user who learns such a password instantly gets admin access. It's always seemed preferable to me that a second password, that of root, should be needed.
