Bug#474024: malicious applications can print text over gksu window
Timo Juhani Lindfors
timo.lindfors at iki.fi
Mon May 4 20:07:12 UTC 2009
Hi,

if I have compromised the account of the normal user of the machine
and run

    gksu dangerous-command

followed by

    osd_cat -o 290 -i 410 -c black -d 100 <(echo harmless-command)

then the user sitting near the system will think that he is giving
permission to run harmless-command even though he is really going to
run dangerous-command.

I still propose that "man gksu" should be improved to warn about these
issues so that people don't get a false sense of security.

best regards,
Timo Lindfors