Re: gsu (Was Re: More Political Stuff)
- From: Ali Abdin <aliabdin aucegypt edu>
- To: Kjartan Maraas <kmaraas online no>
- Cc: Havoc Pennington <hp redhat com>,Preben Randhol <randhol pvv org>,GNOME development <gnome-devel-list gnome org>
- Subject: Re: gsu (Was Re: More Political Stuff)
- Date: Mon, 28 Aug 2000 01:19:11 +0300
* Kjartan Maraas (kmaraas@online.no) wrote at 01:18 on 28/08/00:
>
> Havoc Pennington wrote:
> >
> > Preben Randhol <randhol@pvv.org> writes:
> > > Havoc Pennington <hp@redhat.com> wrote on 27/08/2000 (08:31) :
> > > > There's no problem there, the GUI is not going to be suid.
> > >
> > > I was thinking about that a bad theme could snatch the password as you
> > > typed it, but it has probably been fixed.
> > >
> >
> > No it hasn't, but I can't think of a way to fix it. The answer is
> > "don't run untrusted code as root", that includes both binaries and
> > themes. Plain command line "su" could also snatch the password.
> >
> Maybe a way to disable the themeability would be nice for the
> security-minded? Would it be possible to do that easily? Sort
> of like uninstalling Windows scripting host on MS Windows :)
This doesn't make sense - Just don't change the theme :)
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
