Re: gsu (Was Re: More Political Stuff)
- From: Kjartan Maraas <kmaraas online no>
- To: Havoc Pennington <hp redhat com>
- Cc: Preben Randhol <randhol pvv org>,GNOME development <gnome-devel-list gnome org>
- Subject: Re: gsu (Was Re: More Political Stuff)
- Date: Sun, 27 Aug 2000 23:16:25 +0200
Havoc Pennington wrote:
>
> Preben Randhol <randhol@pvv.org> writes:
> > Havoc Pennington <hp@redhat.com> wrote on 27/08/2000 (08:31) :
> > > There's no problem there, the GUI is not going to be suid.
> >
> > I was thinking about that a bad theme could snatch the password as you
> > typed it, but it has probably been fixed.
> >
>
> No it hasn't, but I can't think of a way to fix it. The answer is
> "don't run untrusted code as root", that includes both binaries and
> themes. Plain command line "su" could also snatch the password.
>
Maybe a way to disable the themeability would be nice for the
security-minded? Would it be possible to do that easily? Sort
of like uninstalling Windows scripting host on MS Windows :)
Cheers
Kjartan Maraas
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
