I agree that the situation is a high security risk. Every malware which uses the monthly security hole in Firefox, Flash or similar gains user rights. After that it can wait until gksu is run for installing updates, packages or changing configuration. As soon as gksu is running it can gain root rights and do whatever it wants. It isn't that easy because gksu runs only menu/panel apps without asking but there would be an workaround if someone is really interested. I guess the best solution would be to use Policykit for all Admin gui applications. So the authentication could be cached only for this app or saved for every start which is fine too since it prevents users from disabling the security feature and it should still be relatively secure too.
Notification would maybe inform the user but not prevent the root access. Of course it would be better than the current situation. The issue is still there in Jaunty. -- gksudo should notify users that the password is being remembered and used https://bugs.launchpad.net/bugs/18905 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
