There is a polkit rule that allows wheel users to change the system clock without a password prompt.
I suppose this is not working when the user is nonwheel. I wonder if this should be allowed?
It could lead to HTTPS errors or something else, but I would just blindly assume it is not a privileged function (Android allows users to do that too)
I'm don't think it should be allowed. The system clock has significant impact on the operation of the whole system.
Metadata Update from @ngompa: - Issue close_status updated to: Won't fix - Issue status updated to: Closed (was: Open) - Issue tagged with: experience
Allowing non-wheel users to modify the system clock can allow them to craft all kinds of crazy things, including potentially leveraging the clock in a privilege escalation exploit. So this is probably a bad idea to allow.
Login to comment on this ticket.