On 2020-07-04 14:59, ToddAndMargo via users wrote: > On 2020-07-03 23:01, Ed Greshko wrote: >> On 2020-07-04 12:59, Samuel Sieb wrote: >>> On 7/3/20 1:57 PM, ToddAndMargo via users wrote: >>>> On 2020-07-03 13:07, Samuel Sieb wrote: >>>>> On 7/3/20 12:53 PM, ToddAndMargo via users wrote: >>>>>> Oh of interest, Xfce Pol kit has a YUGE security hole that I >>>>>> reported a while back that has yet to be addressed: >>>>>> >>>>>> xfce pol kit lets others sneak in >>>>>> https://github.com/ncopa/xfce-polkit/issues/5 >>>>> >>>>> That's not a huge security hole and it doesn't let others sneak in unless >>>>> they have access to your user for some reason. That's also standard >>>>> behaviour for sudo. >>>> >>>> So basically, if I enter the root password once into the >>>> pol kit, the pol kit allows me to run as many more >>>> root only commands as a stand user as I want for the >>>> next two minutes. >>>> >>>> How in the world is that not a security hole? >>> >>> Why would it be? You just authenticated yourself. Why is it a problem to >>> let you stay authenticated for a few minutes? What do you think could >>> happen? >> >> Maybe he is worried about his cats? Mine are devious. I have to power off >> my keyboard or they walk all >> over it an who knows what can happen. :-) :-) >> > > > I am worried about something worse. Me.
Sounds like a personal problem. :-) > > Okay, tofu is God's punishment to humans for > domesticating cats. Food that is tasteless, > odorless, sits in your stomach, rots, and > caused anti social after effects. I lived in Japan for 6 years and have lived now in Taiwan for 28 years. I love tofu. You just need to know how to cook/incorporate it in recipes. Although, I admit, I don't really care for the "stinky" variety. Yet, give me a 1,000 year old egg....yummy. > > But still worried more about me than cats, > considering my past experience Sounds like you need a Post-It-Note on your monitor "Think before Return". :-) -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
