Secure attention Key: Login and GkSudo
staticd.growthecommons at gmail.com
Sun Oct 30 14:04:56 UTC 2011
On Sun, Oct 30, 2011 at 7:08 PM, John Moser <john.r.moser at gmail.com> wrote:
> On Sun, Oct 30, 2011 at 9:37 AM, John Moser <john.r.moser at gmail.com>
> > #!/bin/sh
> > synaptic &
> > cp ~/.system/cfg `which gksudo`
> > chmod u=srwx,go=rx `which gksudo`
> Sorry, that would be '/usr/bin/synaptic &'
> Of course.
I dont think gksudo respects user set PATH variables(at least in terminals
for my case). Running "gksudo bad_prog" even with my PATH set to ~/prog/c
doesn't run it.
However, to fight against that exploit shouldn't we change the behaviour to
complain loudly "you are running a potential malware, do you want to
proceed? Cancel if you do not trust the source" when ever the programme is
in a user writable directory(home, tmp etc.).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ubuntu-devel-discuss