The only way to avoid this class of exploit is to entirely separate
administration and desktop work to two distinct users and X servers. As
soon as you introduce *any* method of gaining administration rights into
a user desktop session, you automatically open up the possibility of
running trojans which can use the very same method.
Thus this is in no way a specific vulnerability of gksu, sudo, X.org, or
a bug in the current implementation, it's a general property of such
systems. But separating them entirely would be way too unusable. The
bottom line is that you simply shouldn't run Trojan horses. :)
** Changed in: gksu (Ubuntu)
Status: New => Invalid
--
Malicious program run as user can compromise system
https://bugs.launchpad.net/bugs/93964