No. It is most certainly a security vulnerability. (1) Opening a folder as root should NEVER EVER open the wrong folder, then execute a part of the folder name as a command under root. (2) kdesudo will not prompt the user for a password (and hence allow the user to review the command) if the user has within the past 15 minutes opened something else as root. (3) We should not assume, even if said dialog comes up, that the user has enough shell-code knowledge to identify an escape.
-- kdesudo+dolphin leads to command execution vulnerability https://bugs.launchpad.net/bugs/163417 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
