gksudo potentially very insecure

Wouter Stomp wouterstomp at gmail.com
Mon Jul 4 11:30:23 CDT 2005


I just noticed today that when I start a program which asks for your
password in gnome (with gksudo) and then you start another program
which uses gksudo, you have no idea at all that you have root
privileges and can do potentially harmful things. At the terminal, the
timeout setting for sudo is very useful. But then you are aware of
every command that uses sudo, as you have to type it every time. But in
Gnome, in the second program you open you have no clue at all that you
are using it as a superuser. The simplest example in which things can
go wrong is the following:

1. User opens synaptic, which asks for his password
2. User wants to open a terminal, but instead he accidentally clicks on
root terminal, which doesn't ask for a password
3. Average user doesn't see the difference and doesn't notice 'root'
at the start of the prompt, and even if he did he most likely doesn't
know what it means.
4. And then anything can happen (rm -rf /* or whatever)

At the command line, typing sudo makes you aware you are doing
something that can be dangerous. In gnome it is having to type your
password that tells you you are doing potentially dangerous things.
When not asked for a password, there's no clue left.

The timeout setting is nice and handy, but I think it would be better
if you get asked for a password whenever you start a new program with
gksudo. The timeout setting could still be useful when opening the same
program more than one time.

Wouter

ps. should I file a bug about this? (couldn't find one) or is there a
reason for doing things this way?



More information about the ubuntu-devel mailing list