Re: gsu (Was Re: More Political Stuff)

Preben Randhol <> writes:
> Havoc Pennington <> wrote on 27/08/2000 (08:31) :
> > There's no problem there, the GUI is not going to be suid.
> I was thinking about that a bad theme could snatch the password as you
> typed it, but it has probably been fixed.

No it hasn't, but I can't think of a way to fix it. The answer is
"don't run untrusted code as root", that includes both binaries and
themes. Plain command line "su" could also snatch the password.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]