[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    kdesudo
From:       John Tapsell <johnflux () gmail ! com>
Date:       2009-02-23 5:34:26
Message-ID: 43d8ce650902222134v2a3a97ccn4c1205897b52d3b2 () mail ! gmail ! com
[Download RAW message or body]

A point brought up during the whole .desktop security problem, is
kdesudo.  It only prompts for the password once, and then from then on
(for next X minutes), doesn't ask for the password again.

So a program that wants to become root only has to wait until kdesudo
has been run normally, and then can run kdesudo itself, elevating
itself to root without the user knowing.


Is there anything that we can do to make this more secure?

What's the actual use case for why we remember the password?


John
[prev in list] [next in list] [prev in thread] [next in thread]