gksudo potentially very insecure

Wouter Stomp wouterstomp at gmail.com
Tue Jul 5 14:17:21 CDT 2005


On 7/5/05, Oliver Grawert <ogra at ubuntu.com> wrote:
> quoting from http://udu.wiki.ubuntu.com/UsingSudo :
> 
> "An indicator should show up in the notification area during the 5min
> timeout while I can use the gained admin rights without re-entering the
> password, giving an option to cancel "god mode" immediately."
> 

Please not only an indicator in the notification area... This is the
next line on the wiki:

The dialog should always show up, even if "god mode" is still active,
to indicate that I do something requiring administrative rights.
During the 5min time period where no password input is required the
password in the dialog should be prefilled.

A notification icon would be better than nothing, but I know so many
people that have that little update icon in their system tray no
matter if it is on Ubuntu or in Windows and also Firefox in Windows
with the little red arrow. Those icons are only useful if you already
know what they mean. Most users will just ignore them. So please add
some other notification mechanism. Having the usual dialog with the
password prefilled would be a good solution I think (as far as I can
see the best possible tradeoff between comfort and security).

Anyway, great that someone is going to work on this.

Wouter


