Re: gsu (Was Re: More Political Stuff)

From: Havoc Pennington <hp redhat com>
To: Preben Randhol <randhol pvv org>
Cc: GNOME development <gnome-devel-list gnome org>
Subject: Re: gsu (Was Re: More Political Stuff)
Date: 27 Aug 2000 11:53:57 -0400

Preben Randhol <randhol@pvv.org> writes:
> Havoc Pennington <hp@redhat.com> wrote on 27/08/2000 (08:31) :
> > There's no problem there, the GUI is not going to be suid.
> 
> I was thinking about that a bad theme could snatch the password as you
> typed it, but it has probably been fixed.
> 

No it hasn't, but I can't think of a way to fix it. The answer is
"don't run untrusted code as root", that includes both binaries and
themes. Plain command line "su" could also snatch the password.

Havoc

Follow-Ups:
- Re: gsu (Was Re: More Political Stuff)
  - From: Kjartan Maraas

References:
- More Political Stuff
  - From: Sean Middleditch
- Re: More Political Stuff
  - From: Wolfgang Sourdeau
- Re: More Political Stuff
  - From: Sean Middleditch
- gsu (Was Re: More Political Stuff)
  - From: Vince Hodges
- Re: gsu (Was Re: More Political Stuff)
  - From: Sean Middleditch
- Re: gsu (Was Re: More Political Stuff)
  - From: Havoc Pennington
- Re: gsu (Was Re: More Political Stuff)
  - From: Vince Hodges
- Re: gsu (Was Re: More Political Stuff)
  - From: Havoc Pennington
- Re: gsu (Was Re: More Political Stuff)
  - From: Preben Randhol
- Re: gsu (Was Re: More Political Stuff)
  - From: Havoc Pennington
- Re: gsu (Was Re: More Political Stuff)
  - From: Preben Randhol

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]