You are not logged in.
Hi,
I'm wondering how safe the following behaviour of fprintd is:
When I type fprintd it allows me to enroll the finger without any security check (sudo) or anything. Since the fingerprint is needed for sudo this means someone who found my machine unlocked could enroll his own fingerprint and then call sudo and authenticate the request with his own fingerprint.
The permissions of /var/lib/fprint are definitely only allowing root access to these directories. Therefore I'm unsure how to alter this behaviour so that a fingerprint can only be changed after successful sudo authentication.
Thanks, Thorsten
Offline