This seems like a very important issue to me. Currently, any app can be secretly running as root, if it somehow gets itself executed by gksu after I've already entered a password.
I know nothing about the internals of gksu, so this might be unreasonable, but I would think the best option would simply be to always display some sort gksu prompt. If it's possible to display that a sudo session is availiable, surely it's possible to detect this, and then provide an "Allow/Deny" dialog, instead of the usual password prompt?
The logic of this isn't perfect, as gksu doesn't currently talk about allowing programs root access, but that's a minor thing compared to having a way to block random apps from being run with root privilege.
This seems like a very important issue to me. Currently, any app can be secretly running as root, if it somehow gets itself executed by gksu after I've already entered a password.
I know nothing about the internals of gksu, so this might be unreasonable, but I would think the best option would simply be to always display some sort gksu prompt. If it's possible to display that a sudo session is availiable, surely it's possible to detect this, and then provide an "Allow/Deny" dialog, instead of the usual password prompt?
The logic of this isn't perfect, as gksu doesn't currently talk about allowing programs root access, but that's a minor thing compared to having a way to block random apps from being run with root privilege.