gksudo potentially very insecure

Øivind Hoel oivind.hoel at gmail.com
Wed Jul 6 02:16:18 CDT 2005


Actually this was one thing I got bashed for the other day by some
friends, me being an ubuntu user and all.

They deemed ubuntu insecure because of the whole sudo timeout thing
- i.e. leaving your computer unattended during the timeout effectively
gives anyone root privileges - bad. Open up a root terminal and you
don't have any timeout to worry about anymore either.

I, of course, replied something along the lines of "lock your screen
when going away, damnit". Then again, the average user is probably not
even aware that you can simply lock your screen from the system menu,
let alone the fact that entering your password to run an admin
application leaves your root user exposed for x minutes.

Not that I see this as a very huge issue; on my computer and most
other desktop computers, you don't need root to do damage - losing my
/home/$user or any other place I have write access and store my data
is much worse than losing, say, /etc. Losing system files just calls
for a quick and simple reinstall, while losing your own data is a
disaster.

IMO, a "key" icon in the notification area is all it takes - with the
mandatory option of timing out NOW. I don't want an annoying box
popping up asking for my password every time I want to feel powerful
(why do we all have our popup blockers on in our browsers, again?). I
just want to be able to tell that my last superuser-instance is still
active in a non-obtrusive way.

Of course, a popup (with prefilled password) during the timeout period
could potentially stop malicious scripts from doing any unintended
damage, but personally, I see this as a huge annoyance. At least have
an option in the new notification area application to enable/disable
this if you guys deem it necessary, please.

Using a different colour for the popup title is probably not supported
by metacity/gtk, right?

On 7/6/05, Wouter Stomp <wouterstomp at gmail.com> wrote:
> > Wouldn't it be better to give another color to the window title bar
> > and/or border of programs that are running with root privileges?
> >
> > --
> > JanC
> 
> Don't think so:
> 
> - Probably hard to do with all the different themes out there.
> - Not obvious what it means if you don't know, at least an icon could
> give information when the mouse is over it or when it is clicked
> 
> But I still think it needs a dialog making it really clear what you are doing.
> 
> Wouter
> 