** Description changed:
Binary package hint: update-manager
gksu is called without giving the full path. An application that has
normal user rights could use this for an elevation of privilege by
modifying the PATH variable. After it modifies the PATH variable to
point to a location where it holds a custom gksu script it has just to
wait for the next Ubuntu update in order to run with root
privileges.
The code for this is in UpdateManager.py, run_synaptic function, line 697 on
version 0.81.2:
cmd = ["gksu", "--desktop", "/usr/share/applications/update-manager.desktop",
Found in:
Ubuntu 7.10
Package: update-manager v. 0.81.2
+
+ It is also present in Ubuntu Hardy, update-manager v. 0.87.9. It seems
+ that the problem was introduces in Ubuntu Edgy, update manager v. 0.45.
** Tags added: gksu manager security update
--
Update manager calls gksu instead of /usr/bin/gksu
https://bugs.launchpad.net/bugs/194166
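An added example, not part of the bug report and not update-manager's own code: it contrasts what a bare-name lookup selects when a user-writable directory precedes the system one in PATH with a resolver that only accepts a helper from fixed directories, owned by the expected user and not group- or world-writable. The names `first_on_path`, `resolve_trusted`, `TRUSTED_DIRS` and the temporary directory layout are assumptions constructed for the illustration.

```python
import os
import stat
import tempfile

TRUSTED_DIRS = ("/usr/bin", "/usr/sbin", "/bin", "/sbin")  # assumed system dirs

def first_on_path(name, path):
    """What a bare-name exec picks: first executable match in PATH order."""
    for d in path.split(os.pathsep):
        p = os.path.join(d, name)
        if os.path.isfile(p) and os.stat(p).st_mode & 0o111:
            return p
    return None

def resolve_trusted(name, trusted_dirs=TRUSTED_DIRS, owner_uid=0):
    """Resolve a helper from fixed directories only; $PATH is never consulted."""
    if os.sep in name:
        raise ValueError("expected a bare program name")
    for d in trusted_dirs:
        candidate = os.path.join(d, name)
        try:
            st = os.stat(candidate)
        except OSError:
            continue
        if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
            continue
        if st.st_uid != owner_uid or st.st_mode & 0o022:
            continue  # another user could replace or edit this file
        return candidate
    raise FileNotFoundError(name)

def demo():
    """Constructed layout: a user-writable directory precedes the system one."""
    with tempfile.TemporaryDirectory() as root:
        user_bin, sys_bin = os.path.join(root, "home-bin"), os.path.join(root, "usr-bin")
        for d in (user_bin, sys_bin):
            os.mkdir(d)
            helper = os.path.join(d, "gksu")
            with open(helper, "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")  # inert stand-in, never executed
            os.chmod(helper, 0o755)
        inherited_path = user_bin + os.pathsep + sys_bin
        fixed = resolve_trusted("gksu", (sys_bin,), owner_uid=os.getuid())
        cmd = [fixed, "--desktop", "/usr/share/applications/update-manager.desktop"]
        return {"path_lookup": first_on_path("gksu", inherited_path),
                "trusted_lookup": fixed, "cmd": cmd}

if __name__ == "__main__":
    print(demo())
```

In the demo the owner check uses the current uid because the stand-in files live in a temporary directory; against real system directories the default `owner_uid=0` applies.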