On 2020-07-03 23:01, Ed Greshko wrote:
On 2020-07-04 12:59, Samuel Sieb wrote:
On 7/3/20 1:57 PM, ToddAndMargo via users wrote:
On 2020-07-03 13:07, Samuel Sieb wrote:
On 7/3/20 12:53 PM, ToddAndMargo via users wrote:
Oh of interest, Xfce Pol kit has a YUGE security hole that I
reported a while back that has yet to be addressed:
xfce pol kit lets others sneak in
https://github.com/ncopa/xfce-polkit/issues/5
That's not a huge security hole and it doesn't let others sneak in unless they have access to your user for some reason. That's also standard behaviour for sudo.
So basically, if I enter the root password once into the
pol kit, the pol kit allows me to run as many more
root only commands as a stand user as I want for the
next two minutes.
How in the world is that not a security hole?
Why would it be? You just authenticated yourself. Why is it a problem to let you stay authenticated for a few minutes? What do you think could happen?
Maybe he is worried about his cats? Mine are devious. I have to power off my keyboard or they walk all
over it an who knows what can happen. :-) :-)
I am worried about something worse. Me.
Okay, tofu is God's punishment to humans for
domesticating cats. Food that is tasteless,
odorless, sits in your stomach, rots, and
caused anti social after effects.
But still worried more about me than cats,
considering my past experience
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
