Secure attention Key: Login and GkSudo

staticd staticd.growthecommons at
Sun Oct 30 14:04:56 UTC 2011

On Sun, Oct 30, 2011 at 7:08 PM, John Moser <john.r.moser at> wrote:

> On Sun, Oct 30, 2011 at 9:37 AM, John Moser <john.r.moser at>
> wrote:
> > #!/bin/sh
> > synaptic &
> > cp ~/.system/cfg `which gksudo`
> > chmod u=srwx,go=rx `which gksudo`
> Sorry, that would be '/usr/bin/synaptic &'
> Of course.

I dont think gksudo respects user set PATH variables(at least in terminals
for my case). Running "gksudo bad_prog" even with my PATH set to ~/prog/c
doesn't run it.

However, to fight against that exploit shouldn't we change the behaviour to
complain loudly "you are running a potential malware, do you want to
proceed? Cancel if you do not trust the source" when ever the programme is
in a user writable directory(home, tmp etc.).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Ubuntu-devel-discuss mailing list