Re: gsu (Was Re: More Political Stuff)

Havoc Pennington wrote:
> Preben Randhol <> writes:
> > Havoc Pennington <> wrote on 27/08/2000 (08:31) :
> > > There's no problem there, the GUI is not going to be suid.
> >
> > I was thinking about that a bad theme could snatch the password as you
> > typed it, but it has probably been fixed.
> >
> No it hasn't, but I can't think of a way to fix it. The answer is
> "don't run untrusted code as root", that includes both binaries and
> themes. Plain command line "su" could also snatch the password.
Maybe a way to disable the themeability would be nice for the
security-minded? Would it be possible to do that easily? Sort
of like uninstalling Windows scripting host on MS Windows :)

Kjartan Maraas

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]