On 2020-07-04 12:59, Samuel Sieb wrote: > On 7/3/20 1:57 PM, ToddAndMargo via users wrote: >> On 2020-07-03 13:07, Samuel Sieb wrote: >>> On 7/3/20 12:53 PM, ToddAndMargo via users wrote: >>>> Oh of interest, Xfce Pol kit has a YUGE security hole that I >>>> reported a while back that has yet to be addressed: >>>> >>>> xfce pol kit lets others sneak in >>>> https://github.com/ncopa/xfce-polkit/issues/5 >>> >>> That's not a huge security hole and it doesn't let others sneak in unless they have access to your user for some reason. That's also standard behaviour for sudo. >> >> So basically, if I enter the root password once into the >> pol kit, the pol kit allows me to run as many more >> root only commands as a stand user as I want for the >> next two minutes. >> >> How in the world is that not a security hole? > > Why would it be? You just authenticated yourself. Why is it a problem to let you stay authenticated for a few minutes? What do you think could happen? Maybe he is worried about his cats? Mine are devious. I have to power off my keyboard or they walk all over it an who knows what can happen. :-) :-) -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
