Bug#474024: malicious applications can print text over gksu window

Timo Juhani Lindfors timo.lindfors at iki.fi
Mon May 4 20:07:12 UTC 2009


Hi,

If I have compromised the account of the normal user of the machine
and run

gksu dangerous-command

followed by

osd_cat -o 290 -i 410 -c black -d 100 <(echo harmless-command)

then the user sitting near the system will think that he is giving
permission to run harmless-command even though he is really going to
run dangerous-command.

I still propose that "man gksu" should be improved to warn about these
issues so that people don't get a false sense of security.

best regards,
Timo Lindfors







