Local privilege escalation when the user uses gksudo
Bug #319314 reported by
Rubyman
This bug report is a duplicate of:
Bug #18905: gksudo should notify users that the password is being remembered and used.
Edit
Remove
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu |
New
|
Undecided
|
Unassigned | ||
Bug Description
Any malicious program launched graphically (by double-clicking on it from nautilus, including the desktop) and trying to use sudo at regular intervals can obtain super-user privileges if a sudoer launches a program requiring super-user privileges from the main menu (like Synaptic) or the systray (like the update manager).
Tested with Ubuntu 8.10
To post a comment you must log in.
