Re: gsu (Was Re: More Political Stuff)

From: James Henstridge <james daa com au>
To: Preben Randhol <randhol pvv org>
Cc: ERDI Gergo <cactus telnet hu>, Ali Abdin <aliabdin aucegypt edu>,Havoc Pennington <hp redhat com>, Kjartan Maraas <kmaraas online no>,GNOME development <gnome-devel-list gnome org>
Subject: Re: gsu (Was Re: More Political Stuff)
Date: Tue, 29 Aug 2000 13:49:32 +0800 (WST)

On Tue, 29 Aug 2000, Preben Randhol wrote:

> 
> ERDI Gergo <cactus@telnet.hu> wrote on 29/08/2000 (07:38) :
> > On Mon, 28 Aug 2000, Ali Abdin wrote:
> > 
> > > You are right - if I su to root (or use sudo) and run an application it uses
> > > root's theme
> > 
> > Ummm, the whole point of the pipe-based su backend is that the user
> > interface is NOT run as root, but instead, it just passes the input to
> > su-pipe.
> 
> But it still leaves the problem that a theme could snatch the password
> as it is passed to the su-pipe.

I think that previously decided that this problem wasn't worth worrying
about.  Since if you can sneak in a rouge theme like this, you could
probably connect to the person's X server anyway, and sniff arbitrary
events.  Making a special case for the gsu gui would not really help at
all.

James.

-- 
Email: james@daa.com.au
WWW:   http://www.daa.com.au/~james/

Follow-Ups:
- Re: gsu (Was Re: More Political Stuff)
  - From: Geoff Reedy
- Re: gsu (Was Re: More Political Stuff)
  - From: Preben Randhol

References:
- Re: gsu (Was Re: More Political Stuff)
  - From: Preben Randhol

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]