On 7/3/20 1:57 PM, ToddAndMargo via users wrote:
> On 2020-07-03 13:07, Samuel Sieb wrote:
>> On 7/3/20 12:53 PM, ToddAndMargo via users wrote:
>>> Oh of interest, Xfce Pol kit has a YUGE security hole that I
>>> reported a while back that has yet to be addressed:
>>>
>>> xfce pol kit lets others sneak in
>>>
https://github.com/ncopa/xfce-polkit/issues/5
>>
>> That's not a huge security hole and it doesn't let others sneak in unless
they have access to your user for some reason. That's also standard behaviour for
sudo.
>
> So basically, if I enter the root password once into the
> pol kit, the pol kit allows me to run as many more
> root only commands as a stand user as I want for the
> next two minutes.
>
> How in the world is that not a security hole?
Why would it be? You just authenticated yourself. Why is it a problem to let you stay
authenticated for a few minutes? What do you think could happen?
Maybe he is worried about his cats? Mine are devious. I have to power off my keyboard or
they walk all
over it an who knows what can happen. :-) :-)
--
The key to getting good answers is to ask good questions.