On Sun, Jun 09, 2013 at 01:06:40PM -0700, Robert Holtzman wrote: > [...] > In my gross stupidity this seems like a nonissue. How does a popup > asking for your root p/w differ from using the CLI, typing "su" and > being asked for the root p/w? I'm assuming that the popup was in > connection with a command (GUI) that legitimately would require root > privileges. A popup from a CLI command would wave a red flag.
Typing in your root p/w in a prompt on the CLI is manually initiated -- you run a command that you know will prompt you for a password, and it prompts you. Having a random popup in your face asking you for your password, with the reason for its appearance not always immediately clear, could be bad because you would then be desensitizing yourself to password prompts, and on one fine morning before the caffeine, you might just accidentally type your password into a malicious prompt that you didn't verify beforehand. -- Kind regards, Loong Jin
signature.asc
Description: Digital signature