Sounds decent. I still think there's a lot that can be done for most (or at least many) users. A rather like the idea of a transparently-walled garden made of allowing users of a specific group to run specific executables (a broad set) with sudo.
But, bottom line.. ..one shouldn't run trojans, yes. :-) Too bad my proverbial grandma will never get that. On Thu, 2007-11-01 at 13:44 +0000, Martin Pitt wrote: > The only way to avoid this class of exploit is to entirely separate > adminstration and desktop work to two distinct users and X servers. As > soon as you introduce *any* method of gaining administration rights into > a user desktop session, you automatically open up the possibility or > running trojans which can use the very same method. > > Thus this is by no way a specific vulnerability of gksu, sudo, X.org, or > a bug in the current implementation, it's a general property of such > systems. But separating them entirely would be way too unusable. The > bottom line is that you simply shouldn't run Trojan horses. :) > > ** Changed in: gksu (Ubuntu) > Status: New => Invalid > -- Malicious program run as user can compromise system https://bugs.launchpad.net/bugs/93964 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
