On 2020-07-03 23:01, Ed Greshko wrote:
On 2020-07-04 12:59, Samuel Sieb wrote:
> On 7/3/20 1:57 PM, ToddAndMargo via users wrote:
>> On 2020-07-03 13:07, Samuel Sieb wrote:
>>> On 7/3/20 12:53 PM, ToddAndMargo via users wrote:
>>>> Oh of interest, Xfce Pol kit has a YUGE security hole that I
>>>> reported a while back that has yet to be addressed:
>>>>
>>>> xfce pol kit lets others sneak in
>>>>
https://github.com/ncopa/xfce-polkit/issues/5
>>>
>>> That's not a huge security hole and it doesn't let others sneak in
unless they have access to your user for some reason. That's also standard behaviour
for sudo.
>>
>> So basically, if I enter the root password once into the
>> pol kit, the pol kit allows me to run as many more
>> root only commands as a stand user as I want for the
>> next two minutes.
>>
>> How in the world is that not a security hole?
>
> Why would it be? You just authenticated yourself. Why is it a problem to let you
stay authenticated for a few minutes? What do you think could happen?
Maybe he is worried about his cats? Mine are devious. I have to power off my keyboard
or they walk all
over it an who knows what can happen. :-) :-)
I am worried about something worse. Me.
Okay, tofu is God's punishment to humans for
domesticating cats. Food that is tasteless,
odorless, sits in your stomach, rots, and
caused anti social after effects.
But still worried more about me than cats,
considering my past experience